A Linux-native implementation of FIDO2 and FIDO U2F Platform API, fully written in Rust.
This library supports multiple transports (see Transports for a list) via a pluggable interface, making it easy to add additional backends.
This repository is now part of the Credentials for Linux project, and was previously known as xdg-credentials-portal.
The Credentials for Linux project aims to offer FIDO2 platform functionality (FIDO U2F and WebAuthn) on Linux over a D-Bus Portal interface.
Looking for the D-Bus API proposal? Check out platform-api.
- FIDO U2F
  - 🟢 Registration (U2F_REGISTER)
  - 🟢 Authentication (U2F_AUTHENTICATE)
  - 🟢 Version (U2F_VERSION)
- FIDO2
  - 🟢 Create credential
  - 🟢 Verify assertion
  - 🟢 Biometric user verification
  - 🟢 Discoverable credentials (resident keys)
- FIDO2 to FIDO U2F downgrade
  - 🟢 Basic functionality
  - 🟢 Support for excludeList and pre-flight requests
- PIN/UV Protocols
  - 🟢 PIN/UV Auth Protocol One
  - 🟢 PIN/UV Auth Protocol Two
- PIN/UV Operations
  - 🟢 GetPinToken
  - 🟢 GetPinUvAuthTokenUsingPinWithPermissions
  - 🟢 GetPinUvAuthTokenUsingUvWithPermissions
- Passkey Authentication
  - 🟢 Discoverable credentials (resident keys)
  - 🟢 Hybrid transport (caBLE v2): QR-initiated transactions (#52: iOS only)
  - 🟠 Hybrid transport (caBLE v2): State-assisted transactions (#31: planned)

| | USB (HID) | Bluetooth Low Energy (BLE) | NFC | TPM 2.0 (Platform) | Hybrid (caBLEv2) |
|---|---|---|---|---|---|
| FIDO U2F | 🟢 Supported (via hidapi) | 🟢 Supported (via bluez) | 🟠 Planned (#5) | 🟠 Planned (#4) | N/A |
| WebAuthn (FIDO2) | 🟢 Supported (via hidapi) | 🟢 Supported (via bluez) | 🟠 Planned (#5) | 🟠 Planned (#4) | 🟠 Partly implemented (#31) |

After cloning, you can try out one of the libwebauthn examples:
```
$ cd libwebauthn
$ git submodule update --init
$ cargo run --example webauthn_hid
$ cargo run --example webauthn_cable
$ cargo run --example u2f_hid
```
We welcome contributions!
If you'd like to contribute but you don't know where to start, check out the Issues tab.