Our team bought several Nitrokey 3 and tried to set them up using Windows, but it seems to be impossible to do it there without admin rights - which we dont have on our computers, and when used with elevated priveledges, the permissions on the fido2 key gets incorrect for the actual user.
Is it possible to use the key/app as a regular non-elevated user? Everything works fine on my Linux desktop, but thats not viable for the rest of my team mates.
FIDO2 in the browser should work as non-elevated user. The rest not so much as there were changes in Windows 10:
Microsoft activated WebAuthn APIs and while doing so they blocked direct access in Windows for regular users using CTAP interface (…for “Security” reasons…).
When these APIs are in use, Windows 10 browsers or applications don’t have direct access to the FIDO2 transports for FIDO-related messaging.
is there some kind of workaround for creation and management of the keys? We primarily wont use the keys for browser usage, but for ssh.
There is a project that uses Windows Hello APIs to interact with FIDO2 keys. Not tested but this should work without Administrator privileges.
