Security Key NFC (the blue one) cannot be detected in YubiKey Personalization Tool


Simon Song

Oct 24, 2021, 2:41:47 PM
to FIDO Dev (fido-dev)
Hello guys,

I was instructed to buy the 'Security Key NFC' in the quiz, and now I was trying to develop the U2F feature of the device using both the .NET SDKs provided on the website and the GUI. However, when I downloaded the 'YubiKey Personalization Tool' and plugged the device into my MacBook Pro, the software displayed 'No YubiKey inserted' at the top right corner of the software.

The Security Key NFC can be successfully detected by two other pieces of software (Yubico Authenticator & YubiKey Manager), but not by the YubiKey Personalization Tool.

Does anyone know how I could fix this? Does the YubiKey Personalization Tool even have the ability to detect the Security Key NFC?

Below is a screenshot of the three pieces of software. I will be more than grateful if anyone could save my ass. Thank you!
Screen Shot 2021-10-24 at 11.38.02 AM.png

John Bradley

Oct 24, 2021, 2:52:17 PM
to Simon Song, FIDO Dev (fido-dev)
The personalization tool is for the non-FIDO protocols on the YubiKey 4 and 5 series.

The blue keys are FIDO U2F and CTAP2 only, so the tool has nothing to configure, as the key doesn't contain the non-FIDO provisioning API that the personalization tool uses.

It should however say something like that rather than just not finding the key.

The only configuration for U2F is resetting the key, and both Authenticator and Manager will do that.

Regards
John B. 





Simon Song

Oct 24, 2021, 3:00:21 PM
to FIDO Dev (fido-dev), John Bradley, FIDO Dev (fido-dev)
John,

Oh thank you so much! 

Actually I was trying to find a device that supports U2F (or something that would allow users to do an 'insert' action as a 2nd factor after they input the username & password). I was instructed to buy the blue chip but now it seems I may need to buy the Series 5?

By the way, what kind of resources do I need to look for if I want to programmatically configure & utilize the content such as 'Private Identity' & 'Secret Key' within the chip? Does the SDK provided on the website in .NET work for me?

Thank you so much!

Simon

John Bradley

Oct 24, 2021, 3:36:41 PM
to Simon Song, FIDO Dev (fido-dev)
Utilizing the private key could mean a bunch of things.

If you want to use the CTAP2 API then libfido2 is your friend on OSX.

If you want to do arbitrary signatures then you may be looking for gpgcard or PIV smart card functionality. For that you will need a Series 5 and different libraries.

It sounds like you are only trying to do a U2F second factor. If that is the case then the blue key and libfido2 should work fine.

John B. 

วรุต สุทธิ

Oct 24, 2021, 3:37:28 PM
to Simon Song, FIDO Dev (fido-dev)

On Mon, Oct 25, 2021 at 01:41, Simon Song <songxim...@gmail.com> wrote:

Simon Song

Oct 24, 2021, 3:51:07 PM
to FIDO Dev (fido-dev), John Bradley, FIDO Dev (fido-dev), Simon Song
Oh thank you so much! 

I am quite new to this service so it seems like I may need a little more time to fully grasp what you are talking about. Basically I was developing my own website service that requires second-factor authentication. I am using Amazon Cognito as the backbone of my user management API, but I don't think inserting the blue chip directly will work since I was only using a portion of the APIs from Cognito, which is why I kept asking if there is a programmatic way to configure & store the information within the USB device.

That means I may need to have a deep development including getting all the essential information of each chip (such as the private key and stuff of the USB device) & storing this information into my own database so that I could have fine-grained control of each user using the U2F.

I will go and have a look whether or not CTAP2 API & libFido2 will work under the programmatic scenario, and I will surely be more than happy if you could help me out further if I have problems later on!

Simon S.

Emil Lundberg

Oct 25, 2021, 10:36:06 AM
to Simon Song, FIDO Dev (fido-dev), John Bradley
Hi Simon,

If you only need to support the security key as a second factor in a web application, then you do not need libfido2 and you don't need to worry about CTAP2 directly. Instead you should use the WebAuthn API in the browser. Unless you have particular requirements on what kind of security key your users are allowed to use (say, if you are in a regulated industry that requires some particular certification), you don't need to worry about the particulars of the chip either. Here is a good introduction of how WebAuthn works and how to use it. There's also a sibling page with an index of some libraries you might use to help with the server-side logic.

And no, the YubiKey Personalization Tool is not able to detect the Security Key series keys, and it never will.

Emil Lundberg

Software Engineer | Yubico
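
What a relying party stores and checks in the WebAuthn second-factor flow described in the reply above, as an added example that is not code from the thread or from Yubico: the database row holds a credential ID, a public key and a counter, and the private key never leaves the security key. The authenticator is simulated in software with a P-256 key, and `RP_ID`, `ORIGIN`, the row layout and both function names are assumptions made for the illustration.

```javascript
// Added example (constructed values): what the server stores and checks for a
// WebAuthn second factor. RP_ID, ORIGIN and the row layout are assumptions.
const crypto = require("node:crypto");
const RP_ID = "example.test", ORIGIN = "https://example.test";
const sha256 = (b) => crypto.createHash("sha256").update(b).digest();

// Stand-in for the security key: the private key is created here and never leaves.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  let signCount = 0;
  return {
    // Registration gives the server a credential ID and the PUBLIC key only.
    credential: { id: crypto.randomBytes(16).toString("base64url"),
                  publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) },
    // Roughly what navigator.credentials.get() yields after the user touches the key.
    getAssertion(challenge, origin) {
      const clientDataJSON = Buffer.from(JSON.stringify(
        { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
      const authData = Buffer.alloc(37);
      sha256(Buffer.from(RP_ID)).copy(authData, 0); // rpIdHash
      authData[32] = 0x01;                          // flags: user present
      authData.writeUInt32BE(++signCount, 33);      // signature counter
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { clientDataJSON, authData, signature: crypto.sign("sha256", signed, privateKey) };
    },
  };
}

// Server side: every check uses only the stored row and the challenge it issued.
function verifyAssertion(row, issuedChallenge, a) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "wrong type";
  if (c.challenge !== issuedChallenge.toString("base64url")) return "challenge mismatch";
  if (c.origin !== ORIGIN) return "origin mismatch";
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(RP_ID)))) return "rpId mismatch";
  if ((a.authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify("sha256", signed, row.publicKeyPem, a.signature)) return "bad signature";
  const count = a.authData.readUInt32BE(33);
  if ((count || row.signCount) && count <= row.signCount) return "counter did not increase";
  row.signCount = count;
  return "ok";
}

const key = makeAuthenticator();
const row = { user: "simon", ...key.credential, signCount: 0 }; // the database row
const challenge = crypto.randomBytes(32);
const assertion = key.getAssertion(challenge, ORIGIN);
console.log(verifyAssertion(row, challenge, assertion));               // first login
console.log(verifyAssertion(row, crypto.randomBytes(32), assertion));  // replayed response
```

The fresh per-login challenge and the origin check are what make a captured response useless elsewhere.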




Mayra Morales Silva

Oct 25, 2021, 1:08:08 PM
to Simon Song, FIDO Dev (fido-dev)
Please do not send me messages in English, because I don't understand anything. I have very little command of that language and I am left not knowing what you want to tell me. Thank you very much. Regards from Mayi.

Luke Walker

Oct 25, 2021, 7:00:39 PM
to Mayra Morales Silva, Simon Song, FIDO Dev (fido-dev)
If you are looking to integrate WebAuthn with Amazon Cognito then you may find this starter kit useful. 
