Yubikey 5 NFC series is failing to register when residentKey
59 views
Skip to first unread message
Ashly Schwan
Oct 1, 2024, 7:47:11 AMOct 1
to FIDO Dev (fido-dev)
And why it is failing for only specific series of Yubikey (5 NFC series)? And some of older Yubikeys are working as expected. Any idea how residentKey attribute introduced for passkey is resulting failure for Yubikey 5 NFC? Is there any way to test FIDO server compliance against the standard set of Yubikeys?
Thanks,
Ashly
My1
Oct 1, 2024, 9:52:18 AMOct 1
to Ashly Schwan, FIDO Dev (fido-dev)
Can you check which Firmware is on the Yubikey? newer Yubikeys come with newer Firmware which creates some headache as older Yubikey 5's are essentially having CTAP2.0, while newer ones have 2.1 or other changes which affects some things in regards to Resident Credentials, like CTAP2.1 and 2.1PRE have the ability to manage them individually rather than the CDRW approach of nuking everything once the 25 are full.
Is there a specific failure Message? one plausible reason could also be that it is plain full as the Yubico devices have one of the Lowest amounts of Resident Credentials you can store.
Generally new things at the WebAuthn layer should not affect the CTAP Layer in a meaningful way as WebAuthn is basically the method on how a relying Party's Website has to communicate with a Browser and how the Backend verification works but how the Browser communicates with any given Authenticators is iirc handled elsewhere, like for FIDO2-Authenticators like the Yubikey, CTAP is used, while the transport with phones uses its own protocol iirc.
Regards
My1
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/fcf762f1-3dad-40af-a41d-da44be932d8bn%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages