is there a way (Browser code, USB app…) to manage the 50 slots that the Nitrokey FIDO2 provides for storing username-less credentials?
In github there were commits, stating, that on a Firmware Flash, the resident keys are gone. What would be the correct procedure to perform the update, once the stick is in use and a firmware reflash is needed, short of reregistering the stick again on all sites?
Thank you,
Michael.
PS: Reason I am asking is, that if I cannot manage the RKs, I would probably do a lot of testing on one key without using that one in production and competely reset it (if this is possible) before actually using it.
You should be able to manage the RKs over Google Chrome on non-Windows OSes. We should prepare in the future one additional tool for doing that in the command line.
I think you are referring to the transition between major releases, specifically 1.x -> 2.x. Decision was made to not migrate the user data in this upgrade path, since the RKs were not properly constructed earlier and thus not usable in the next version. Non-RK key was migrated for both FIDO2 and FIDO U2F. In the next releases we plan to maintain user data in all upgrades whenever feasible.
Regarding point 1 and Google Chrome, it is available either via direct configuration URL:
Regarding #1 I tried that now with the latest Chrome on macOS Mojave. None of the option worked, these were the messages:
This security key doesn’t support PINs
This security key can’t store any sign-in data
Your security key can’t store fingerprints
Resetting does not work at all, no messages.
So I am hoping that you can release an Electron App, which allows to use the security key on multiple platforms and remove no longer needed keys once the 50 slots are full.
Hi,
looks like I also have problems with nitrokey fido2:
I also tried nitrokey fido2 with webauth.io and with https://demo.yubico.com/playground.
On both, fido2 passwordless does not work! u2f works.
I also tried the Chrome settings as mentioned above:
Same problem, security key does not support a pin.
I have following key: Nitrokey FIDO2 2.2.0
Thank you for the report @michaelrommel@alois . We will definitely check this. All should work with the latest v2.2.0 firmware. By design it should work with Google Chrome and any desktop applications handling FIDO2 devices - no need for additional application. We plan to add such in the future, but not as a requirement.
@alois The posted article is outdated. hmac-secret is supported. Custom password store, OpenGPG and SSH not.
I just tried to secure a microsoft account with the key.
So there is a real application.
Looks like they do only support passwordless. (description: without useraname and password)
Tried this with chrome and my nitrokey.
Still without success.