Allow use as FIDO authenticator

[bitgamma]

We could implement, as a separate applet, a FIDO U2F authenticator. Ideally, if the formats are compatible, one would be able to use one of the derived keys as identity for authentification.

[guylouis]

I agree this would be a very natural extra feature of the card. And quite easy to add. Are there any good open source implementation for this ?

I wouldn't either put it on top priority of the to-do-list, unless we identify some usages of U2F linked with adoption of ethereum, dapps, and wallet space. What do you think ?

[bitgamma]

There are open source implementations, but I want to explore the possibility of not using separate identity keys for FIDO and instead integrate it with our key tree (using the non-wallet subtree). Of course this would mean doing our own implementation. I also do not consider this to be top priority for now.

[mulles]

79 related issue, which I closed now as it is double

[rileyg98]

For something like this, that's kind of outside the scope of this applet. If you're after a FIDO2 compliant spec, you can freely fork my implementation of this (https://github.com/VivoKey/vk-u2f).

[rkreutz]

Hey there. Any plans on supporting this? I'd say even just supporting a very basic implementation with no connection with the main applet keys would already be very helpful and might drive adoption of keycard for other things (not only tied to cryptocurrencies).

[rkreutz]

For future reference, I've managed to use this as an U2F authenticator on my Keycard https://github.com/darconeous/u2f-javacard. Just downloading the CAP from the releases and following the script on the README was enough to have it working on my iOS device.

[willianpaixao]

Hey @bitgamma, any chances to use the above mentioned implementation?

[bitgamma]

we keep the card open so that you can install any applet on it. We might look into preinstalling it in future batches but there is nothing preventing you to install it using the venerable https://github.com/martinpaljak/GlobalPlatformPro. Just make sure you use the correct globalplatform key which is c212e073ff8b4bbfaff4de8ab655221f

[willianpaixao]

I'll try to install it, but my question is whether this feature could be brought as a official/supported Keycard feature.