libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
For usage, see the examples/
directory.
libfido2 is licensed under the BSD 2-clause license. See the LICENSE file for the full license text.
libfido2 is known to work on Linux, MacOS, Windows, OpenBSD, and FreeBSD.
On Linux, experimental NFC support is available in git HEAD.
Documentation is available in troff and HTML formats. An online mirror of libfido2's documentation is also available.
-
.NET: Fido2Net
-
Go: go-libfido2
-
Perl: p5-FIDO-Raw
-
Rust: libfido2
The current release of libfido2 is 1.7.0. Please consult Yubico’s release page for source and binary releases.
$ sudo apt install libfido2-1 $ sudo apt install libfido2-dev $ sudo apt install libfido2-doc
Alternatively, newer versions of libfido2 are available in Yubico’s PPA. Follow the instructions for Ubuntu 18.04 (Bionic) below.
$ sudo apt install software-properties-common $ sudo apt-add-repository ppa:yubico/stable $ sudo apt update $ sudo apt install libfido2-dev
$ brew install libfido2
Or from source, on UNIX-like systems:
$ (rm -rf build && mkdir build && cd build && cmake ..) $ make -C build $ sudo make -C build install
Depending on the platform, pkg-config may need to be installed, or the PKG_CONFIG_PATH environment variable set.
libfido2 depends on libcbor, OpenSSL, and zlib. On Linux, libudev (part of systemd) is also required.
For complete, OS-specific installation instructions, please refer to the
.actions/
(Linux, MacOS) and windows/
directories.
On Linux, you will need to add a udev rule to be able to access the FIDO device, or run as root. For example, the udev rule may contain the following:
#udev rule for allowing HID access to Yubico devices for FIDO support. KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \ MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
On Windows 1903 and newer versions, access to FIDO devices has been restricted to applications using the operating system’s native API. Use of libfido2 is still possible in privileged applications.