Adding FIDO2 security key to windows account

Am trying to add Nitrokey (which is loaded with self signed certificate) as a FIDO2 security key. But am getting error - “we couldnt verify your identity or you are using private mode. Please ensure you are not in private browsing windows and please try again.”

Here am not using any private browsing window or incognito window. Am trying this on a Chrome browser and also tried in Edge but the error remains the same.

Is this due to self signed certificate - Am using keys and attestation cert present in the following github location: nitrokey-fido2-firmware/keys/attestation at master · Nitrokey/nitrokey-fido2-firmware · GitHub

Hi @saralaya !
This might come from mismatch between the device key and the associated certificate. Can you check with another application, e.g. pynitrokey? E.g.

nitropy fido2 verify

(let me know if pynitrokey is not working for you)

You can as well read the actual error directly from the Chrome logs. See description at:

• Browser rejects signature due to invalid response · Issue #58 · Nitrokey/nitrokey-fido2-firmware · GitHub

In the directory you have provided we keep the official certificate and a dummy key - the correct one is kept secret on our HSM hardware. For the development firmware we use the configuration from the ./dev directory (debug-release-buildv recipe from the Makefile).