Unable to register/auth with NK FIDO2

Hello everyone,

I seem to be unable to get my NK FIDO2 to work.
I’ve installed https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules under /etc/udev/rules.d/.
lsusb shows the key as Bus 003 Device 011: ID 20a0:42b1 Clay Logic
Upon insertion dmesg shows the following output:

[ 4303.490607] usb 3-1: New USB device found, idVendor=20a0, idProduct=42b1, bcdDevice= 1.00
[ 4303.490613] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 4303.490616] usb 3-1: Product: Nitrokey FIDO2 1.1.0
[ 4303.490619] usb 3-1: Manufacturer: Nitrokey
[ 4303.490621] usb 3-1: SerialNumber: 20753375344B
[ 4303.492665] hid-generic 0003:20A0:42B1.000D: hiddev96,hidraw0: USB HID v1.11 Device [Nitrokey Nitrokey FIDO2 1.1.0] on usb-0000:00:14.0-1/input0

and the key blinks once.
When attempting to register or log in at u2f.bin.coffee or webauthn.io firefox shows the “you can authorize now” message, but the key remains dark and I am unable to proceed.
A solokey I also own works fine on both test sites.

Any ideas how I can troubleshoot this issue further?


The mentioned Udev file missed update and that is why you do not have access to the device as a user, sorry about that. Will fix this in a minute.

I actually missed, that the rule for NK FIDO2 is already there.

  • Have you tried to restart your OS and then trying again?
  • You can install the Udev rules solely for this device from [1].
  • Alternatively you can try to install legacy rules for the older Udev [1][2].
  • What OS are you using?

The device is correctly detected in the system log, and single blink means it is in operational state.

[1] https://github.com/Nitrokey/nitrokey-fido2-firmware/tree/master/udev
[2] https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey_old.rules

Hi sz,
3) did it for me. I removed the “new” udev rules and installed the 41-nitrokey_old.rules and now the key works. Maybe it was related to permissions?

Edit: It seems to be related to permissions. Using the only the new udev rule it returns to the previous behaviour. After manually running chown root:plugdev /dev/hidraw0 and chmod 660 /dev/hidraw0 the key works.

Edit2: So as far as my own investigation goes the issue is this: uaccess apparently is a tag used by systemd to manage permissions. I’m not using systemd, hence the permissions for the /dev/hid* device were not set.