I have a contactless java card with FIDO-U2F applet (provided by you) installed on it. I wanted to use this card as FIDO U2F device as demonstrated in video shared by LedgerWallet. I am running github on my smartphone having FIDO enabled Google Authenticator app installed on it. I go through the step given on github for registering the device. At last when gitub asked to add the device, Google Authenticator app gets open.Google Authenticator said to touch and hold the device,for that I am attaching my javacard on the back of the phone after that it comes back to Github website and again asked to add the device.

iOS now supports NFC FIDO2 CTAP2 authenticators. Unfortunately, Apple doesn't support the use of NFC U2F/CTAP1 authenticators, with or without the appid extension. Thus, this applet is currently not compatible with iOS devices when used with NFC.

(It is unclear if iOS supports CTAP1 via USB, but Safari on macOS does support CTAP1 for USB devices)

I'm proposing writing a small FIDO2 "wrapper" that will enable this applet to be compatible with iOS devices. Such a wrapper would effectively make the applet a FIDO2 compliant token that doesn't support resident keys or pin codes, but it would work with iOS. It wouldn't work with all services (like those that require pin codes), but it would work with any service that previously worked with a U2F token.

I mention this because it is likely the path of least resistance to implementing something that works with iOS: Just take the existing U2F/CTAP1 authenticator and implement a little CBOR parsing to extract the fields, do the U2F/CTAP1 processing, and then wrap that in more CBOR to return a FIDO2 result. Easy-ish.

The alternative is to effectively start an entirely new FIDO2 authenticator project, which is a lot of work.

Hello,

Is this project dead? I would like to try it out; some things don't go well though

1. outdated readme: the API for sdk has changed in v3.0.5, in the Readme you advise using 3.0.2 but the newest source code uses RandomData.nextBytes() and other 3.0.5+ API.

2. could you please be more specific on the installation process? I was unable to find out which certificate should I get (and where) to proceed.

Thank you!

I am trying to install U2F applet on a different JavaCard 3.x and can you please explain where to get these attestation certificate and attestation private key? I believe this has already been done by LedgerWallet.
Once this certificate is obtained, in what format certificate data is loaded in JavaCard 3.x smart card?

As I am a developer in China where many smart card vendors still just support JavaCard 2.2, there is a few choices for me to buy the smart card. So, can you tell me which smart card you deployed on?

Regards

Yang Zhou
Postgraduate Student
University of Electronic Science and Technology of China