fido2-manage is a tool for managing FIDO2.1 devices over USB or NFC, including passkey (resident key) management.
fido2-manage is licensed under the BSD 2-clause license. See the LICENSE file for the full license text.
fido2-manage should work on any Linux distribution, but we develop and test using Ubuntu. This library is partially forked from libfido2 to provide a FIDO2.1 key management tool on Linux (we already have a solution for Windows).
FIDO2.1 (PRE or FINAL) keys from any brand can be used. However, with FIDO2.0 keys, no passkey management is possible. As a result, only basic information will be shown with 2.0 devices.
If you haven't installed Git yet, please do so (sudo apt install git).
git clone https://github.com/Token2/fido2-manage.git
cd fido2-manage
sudo apt install -y zlib1g-dev pkg-config
sudo apt install -y cmake libcbor-dev libpcsclite-dev libssl-dev libudev-dev
rm -rf build && mkdir build && cd build && cmake -DUSE_PCSC=ON ..
cd ..
make -C build
sudo make -C build install
sudo ldconfig
chmod 755 fido2-manage.sh
./fido2-manage.sh -list
The GUI wrapper (gui.py), created with Python3, is included in the package and should be ready for use on the latest Ubuntu releases. The only requirement is the tkinter module, which can be installed as follows:
sudo apt install -y python3-tk
To run the script, execute it using Python from the same folder:
python3 gui.py
You can download the installer bash script to run all commands in one go:
wget https://raw.githubusercontent.com/token2/fido2-manage/main/install-fido2-manage.sh
chmod +x ./install-fido2-manage.sh
./install-fido2-manage.sh
If no errors are shown, then you can launch the GUI:
cd fido2-manage
python3 gui.py
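The one-shot installer above is fetched from the main branch and run directly, so it can be gated behind a review and a pinned hash. The following is an added example, not part of the fido2-manage project; the helper names (sha256_of, privileged_lines, run_if_pinned) and the record-the-hash-after-review workflow are assumptions.

```shell
# Added example (not project code): review the installer, pin its hash,
# and refuse to run a copy whose content differs from what was reviewed.
INSTALLER_URL="https://raw.githubusercontent.com/token2/fido2-manage/main/install-fido2-manage.sh"

# Print the SHA-256 of a file as bare hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# List the lines to read first: privilege use, further downloads and
# recursive deletes. Output format is "lineno:text".
privileged_lines() {
    grep -nE '(^|[^[:alnum:]_])(sudo|wget|curl|git clone|rm -rf)([^[:alnum:]_]|$)' "$1"
}

# Run the script only if its hash equals the one recorded after review.
# Returns 1 on a missing file or missing hash, 2 on a hash mismatch,
# otherwise the script's own exit status.
run_if_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] && [ -n "$expected" ] || return 1
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 2
    fi
    bash "$file"
}

# Usage (left as comments so sourcing this block has no side effects):
#   wget -O install-fido2-manage.sh "$INSTALLER_URL"
#   privileged_lines install-fido2-manage.sh   # read these, then the whole file
#   sha256_of install-fido2-manage.sh          # record this value after review
#   run_if_pinned install-fido2-manage.sh "<hash recorded after review>"
```

A later download of the same URL that no longer matches the recorded hash returns 2 instead of running, which is the signal to review the script again.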
The syntax and command line parameters are similar to our fido2-manage.exe tool for Windows.
Make sure you replace fido2-manage.exe with fido2-manage.sh when issuing the commands.
The changes implemented in our fork differ from the original code in the following ways:
- Human-readable command line arguments, consistent with our Windows command line tool
- The ability to send the PIN as a command line parameter
- Displaying the Username (UPN) in the credential output list.
To allow coexistence with the original tool, our version will be compiled and installed under the name 'fido2-token2'.
git clone https://github.com/Token2/fido2-manage.git
cd fido2-manage
rm -rf build && mkdir build && cd build && cmake -DUSE_PCSC=ON ..
cd ..
make -C build
sudo make -C build install
sudo ldconfig
chmod 755 fido2-manage.sh
sudo apt install -y python3-tk
sudo pacman -S tk
python3 gui.py