libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
For usage, see the examples/ directory.
libfido2 is licensed under the BSD 2-clause license. See the LICENSE file for the full license text.
Documentation is available in troff and HTML formats. An online mirror of libfido2's documentation is also available.
-
.NET: Fido2Net
-
Go: go-libfido2
-
Perl: p5-FIDO-Raw
-
Rust: libfido2
The current release of libfido2 is 1.5.0. Please consult Yubico’s release page for source and binary releases.
$ sudo apt install libfido2-1 $ sudo apt install libfido2-dev $ sudo apt install libfido2-doc
Alternatively, newer versions of libfido2 are available in Yubico’s PPA. Follow the instructions for Ubuntu 18.04 (Bionic) and 16.04 (Xenial) below.
$ sudo apt install software-properties-common $ sudo apt-add-repository ppa:yubico/stable $ sudo apt update $ sudo apt install libfido2-dev
$ brew install libfido2
Or from source, on UNIX-like systems:
$ (rm -rf build && mkdir build && cd build && cmake ..) $ make -C build $ sudo make -C build install
Depending on the platform, pkg-config may need to be installed, or the PKG_CONFIG_PATH environment variable set.
For complete, OS-specific installation instructions, please refer to the
.actions/ (Linux, MacOS) and windows/ directories.
On Linux, you will need to add a udev rule to be able to access the FIDO device, or run as root. For example, the udev rule may contain the following:
#udev rule for allowing HID access to Yubico devices for FIDO support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
On Windows 1903 and newer versions, access to FIDO devices has been restricted to applications using the operating system’s native API. Use of libfido2 is still possible in privileged applications.