I like the idea of providing applet update versions. We build and test all applets using CI anyway.
6 Likes
You mean for Fido creds?
1 Like
Yes sir
Iām gonna say something thatās never been said on this site beforeā¦
Soon
10 Likes
For real though, we def have plans for this in the not too distant future.
6 Likes
3 posts were merged into an existing topic: Israelserbian247 Recent post collective
Added configuration support for the HMAC SHA-1 applet
Thank you! And thanks for preserving this (and other functionality) for working with non-DT devices, such as the P71 test cards I use.
I was actually going to suggest that DT intern/implement their own HMAC-SHA1 configuration, since before this the only option that worked with both Apex and naked P71 chips was the 7-year old yktool from a developerās personal projects.
I started a guide for configuring and testing an Apex and FlexSecure/P71 to make use of all of the Yubikey style apps (fido, otp, and hmac). Iāll update it with the new capabilities of the Apex Manager and throw it up in the next week or so.
Super cool to see how all of this has progressed over the past couple of years. Updates to the Apex Manager, new applets, the KeePassXC PR, working LUKS setups, the plans for an Apex/DT cloud, etc. All of that is making the Apex become the security device I had hoped for when I first heard about RFID implants a decade ago.
As the barriers to using the chip for really useful things gets lower I think more and more people will want it. Now if only there was a mag-style automatic door handle that worked with itā¦
I do have a mild concern about some of the applets and companion applications being closed source. Totally understand the (I presume) business and branding reasons are for it, but given just how high the potential stakes are for what an Apex can secure, knowing that all of the code behind it is open to being examined for vulnerabilities adds may be an important factor in the future. For now, having the source code available for most of the applets is enough, and I hope that trend continues.
5 Likes
Canāt wait to pour over your guide once you release it!
2 Likes
can this be built into the build process to basically output a file online like a public repo or something that the app can just query without us needing to host it on a deployment server?
WARNING: The question above was generated by an extremely confused and uninformed semi-concious engram construct.
5 Likes
Yes, we will figure something out.
5 Likes
Will itā¦ be figured outā¦ Soonā¢ ?
4 Likes
We use Duo at work, and I was able to add my Apex to the web apps that use it, but I can only add a yubi key for āofflineā windows logins. If I generate an HMAC, would I be able to add the Apex as an offline key? Has anyone had success using DUO and an APEX (other than web apps? That works fine and amazes coworkers when I use it to log into the timesheet or hr sites!)
I believe there are settings in your IdP (Duo and Entra ID from Microsoft) that basically let you control which types of security tokens are able to be used. They rely on the attestation cert of the security key. I believe you load the AAGUID to the list. The Fido app we use does have a cert loaded but itās not ācertifiedā by Fido.
1 Like
Gotcha! Thanks!
See also: Duo Administration - Use YubiKeys with Duo | Duo Security . FIDO2 is supported by the Apex, the custom Yubico OTP API service is not.
3 Likes
4 posts were merged into an existing topic: Israelserbian247 Recent post collective
I guess Iāll keep waiting before I order an Apex Flex 
fyi Cybernetic isnāt officially available in AUā¦
1 Like
have you considered getting a FlexSecure?
thatās the plan but Iām not switching away from hardware auth-keys for work anytime soon so I can hope the lazy solution (cough cough apex) will be shown some love in the meantimeā¦ plus, kinda want both
2 Likes