Skip to content

bulwarkid/virtual-fido

Repository files navigation

Virtual FIDO

Also check out Bulwark Passkey, a passkey manager based on VirtualFIDO that is currently in beta!

Virtual FIDO is a virtual USB device that implements the FIDO2/U2F protocol (like a YubiKey) to support 2FA and WebAuthN. Please note that this software is still in beta and under active development, so APIs may be subject to change.

Features

  • Support for both Windows and Linux through USB/IP (Mac support coming later)
  • Connect using both U2F and FIDO2 protocols for both normal 2FA and WebAuthN
  • Store credentials in an encrypted format with a passphrase
  • Store credential data anywhere (example provided: a local file)
  • Generic approval mechanism for credential creation and login (example provided: terminal-based)

How it works

Virtual FIDO creates a USB/IP server over local TCP to attach a virtual USB device. This USB device then emulates the USB/CTAP protocols to provide U2F/FIDO services to the host computer. In the demo, credentials created by the virtual device are stored in a local file, and approvals are done using the terminal.

Demo Usage

Go to the YubiKey test page in order to test WebAuthN.

Windows

Run go run ./cmd/demo start to attach the USB device. Run go run ./cmd/demo --help to see more commands, such as to list or delete credentials from the file.

Linux

Note that this tool requires elevated permissions.

  1. Run sudo modprobe vhci-hcd to load the necessary drivers.
  2. Run sudo go run ./cmd/demo start to start up the USB device server. Authenticate when sudo prompts you; this is necessary to attach the device.