yubikey-touch-detector: Not detecting U2F from WebAuthn?

I am unsure if i am doing something wrong here, so please bear with me.

I started the application using the command

yubikey-touch-detector -v

and i got the output here:

DEBU[2020-03-07T11:11:22-05:00] Starting YubiKey touch detector
DEBU[2020-03-07T11:11:22-05:00] SSH watcher is successfully established
DEBU[2020-03-07T11:11:22-05:00] GPG watcher is successfully established
DEBU[2020-03-07T11:11:22-05:00] U2F watcher is successfully established

Then i went here and typed a random username and clicked register, then yubikey started flashing and the website showed a screen for me to touch the yubikey, however the output of the terminal didnt change.

I am trying to integrate this with waybar, and i used the same script listed here

however when running this script i got a error saying the following :

waybar-yubikey
nc: invalid option -- 'U'
Try `nc --help' for more information.

I then made a modification to make -U lowercase and be -u but then i got this error:

Error: Couldn't resolve host "/run/user/1000/yubikey-touch-detector.socket"

I have no idea how to continue, i went to that url in the browser and the socket file does exist… so i have no idea why netcat isn’t able to connect to it. Any help?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 19 (9 by maintainers)

Most upvoted comments

@ChadTaljaardt would you be able to test U2F detection in this binary? It’s a complete rewrite of U2F/FIDO2 support that doesn’t depend on any file watcher hacks, but properly reading HID device according to the spec. Thanks!

UPDATED LINK 2: new-u2f.tar.gz

+1
maximbaz on Apr 21, 2020

Awesome! Happy to help, enjoy, and thanks for even letting me know about WebAuthn 😄

+1
maximbaz on Mar 8, 2020

I have found a promising way to detect all U2F requests that does not depend on pam-u2f, will get back to you later with something to test 🙂

+1
maximbaz on Mar 8, 2020

Hey, thanks for reporting!

I confirm that the app does not detect it. The reason we can detect U2F when pam is involved in the first place is simply because I was able to tap into pam-u2f codebase and add some marker that yubikey-touch-detector can use.

When browsers request U2F, they don’t use pam-u2f, so the markers don’t get created. Furthermore, I’m afraid different browsers use different code for U2F communication, and there is no “common ground” such as a driver or a library where we would be able to inject some code to help us detect this event…

I’m very much open to ideas on how to detect this.

nc: invalid option – ‘U’ Try `nc --help’ for more information.

Make sure to install openbsd version of netcat, if you are on Arch Linux, it’s openbsd-netcat.

+1
maximbaz on Mar 7, 2020
Read more comments on GitHub
← wluma: Crash with AMD GPU
yubikey-touch-detector: U2F notification does not work →