First open source JavaCard applet for FIDO U2F over NFC from Ledger


Fred Le Tamanoir (NEOWAVE.FR)

Dec 23, 2015, 8:01:27 AM
to FIDO Dev (fido-dev)
Our friends from Ledger (a French startup focusing on secure smart card based 
solutions for cryptocurrencies / strong authentication / secure online services) 
just released the first open source Java Card applet for FIDO U2F over NFC.

(You can buy commercial products from Ledger and Fidesmo too, but that's not 
the point here, use your favorite search engine for this)


More info on the GitHub page, but here is a quick overview with a few notes of mine:

Ledger U2F Java Card Applet
---------------------------------------
This applet is a Java Card implementation of the FIDO Alliance U2F standard.
It uses no proprietary vendor API and is freely available on Ledger Unplugged
(Note: Ledger Unplugged is a NXP JCOP based contactless smart card with 
another Java Card applet for Bitcoin) and for a small fee on other Fidesmo 
devices (Note: Generic Fidesmo cards are the same NXP JCOP based 
contactless smart cards that you can buy with or without applets => you can 
load applets from their online services after initial purchase).

The generated CAP file can be loaded on your own Java Card based smart 
card using your favorite third party software (or refer to Fidesmo Gradle Plugin 
to use on the Fidesmo platform)

Load parameters:

[1 byte flag] : provide 01 to pass the current FIDO NFC interoperability tests, or 
00 (Note: the most secure parameter is probably 00 => I am not sure... I think 
this parameter is present because interoperability tests expect that the user does 
not have to remove the card from the field between two signatures... this may 
change for the best soon, so use 00 for tests and use 01 for better security)
[2 bytes length (big endian encoded)] : length of the attestation certificate to 
load, supposed to be using a private key on the P-256 curve
[32 bytes] : private key of the attestation certificate

Before using the applet, the attestation certificate shall be loaded using this 
APDU: 

CLA: F0
INS: 01
P1: offset (high)
P2: offset (low)
Data: Certificate data chunk

Testing on Android
-------------------------
Download Google Authenticator 
(only the last release, 7 December 2015, has "Developer preview: support for
NFC Security Key")

Test with Chrome on 
or

This implementation has been certified FIDO U2F compliant 
on December 17, 2015 (U2F100020151217001)

License
----------
This application is licensed under Apache 2.0

Contact 
-----------
he...@ledger.fr for any question

Enjoy.

Regards
-- 
Frédéric MARTIN
System & Security Architect
NEOWAVE (FIDO Alliance Member)
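
The load parameters and the certificate-loading APDU described in the post above, built host-side in Python. This is an added example, not code from the post or from Ledger's repository; the function names, the 128-byte chunk size and the sample bytes are assumptions, and the APDUs use ISO 7816-4 short encoding (CLA INS P1 P2 Lc data).

```python
import struct

CLA, INS_LOAD_CERT = 0xF0, 0x01   # values given in the post
CHUNK = 128                       # assumption: any size 1..255 fits a short APDU

def build_install_params(flag: int, cert: bytes, private_key: bytes) -> bytes:
    """flag (1) || certificate length (2, big endian) || P-256 private key (32)."""
    if flag not in (0x00, 0x01):
        raise ValueError("flag must be 00 or 01")
    if len(private_key) != 32:
        raise ValueError("P-256 private key must be exactly 32 bytes")
    if not 0 < len(cert) <= 0xFFFF:
        raise ValueError("certificate length must fit in 2 bytes")
    return struct.pack(">BH", flag, len(cert)) + private_key

def cert_load_apdus(cert: bytes, chunk: int = CHUNK) -> list:
    """One APDU per chunk: F0 01 P1 P2 Lc data, with P1/P2 = offset high/low."""
    if not 1 <= chunk <= 255:
        raise ValueError("short APDU data field holds 1..255 bytes")
    if not 0 < len(cert) <= 0xFFFF:
        raise ValueError("certificate length must fit in 2 bytes")
    apdus = []
    for offset in range(0, len(cert), chunk):
        data = cert[offset:offset + chunk]
        apdus.append(struct.pack(">BBHB", CLA, INS_LOAD_CERT, offset, len(data)) + data)
    return apdus

def reassemble(apdus: list) -> bytes:
    """Host-side check before sending: replay the chunks and reject gaps or overlaps."""
    buf = bytearray()
    for apdu in apdus:
        cla, ins, offset, lc = struct.unpack(">BBHB", apdu[:5])
        if (cla, ins) != (CLA, INS_LOAD_CERT) or lc != len(apdu) - 5:
            raise ValueError("malformed certificate-load APDU")
        if offset != len(buf):
            raise ValueError("chunk offset leaves a gap or overlaps")
        buf += apdu[5:]
    return bytes(buf)

if __name__ == "__main__":
    cert = bytes(range(256)) + bytes(44)   # constructed 300-byte stand-in, not a real certificate
    key = bytes(32)                        # placeholder only, never a real attestation key
    print("install params:", build_install_params(0x00, cert, key).hex())
    for apdu in cert_load_apdus(cert):
        print(apdu[:5].hex(), "+", len(apdu) - 5, "data bytes")
```
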

Chien Hoang

Sep 8, 2016, 2:35:13 AM
to FIDO Dev (fido-dev)
Dear Mr. Fred Le Tamanoir,

Thanks to your sharing, I got this source code. I can re-compile the source, load and install the .cap file into a JavaCard (contact) based on the PyAPDU tool from the JavaCardOS SDK. That's all.
I can't test it with this link: https://demo.yubico.com/u2f?tab=register , so I don't know whether it runs well or not!

Could you send me a script of APDU commands?

Looking forward to your news soon.

Thanks and Regards,
Hoang Chien
