Desktop OTP display using Yubico Authenticator and Apex Flex

I made my Yubico Authenticator for Mac read my Apex, which is a huge leap for me. However, I’m unable to use it for authentication. If I try to create a PIN, it says “Unknown Error,” and the Authenticator is just greyed out. I’m learning all of this as I go.

Is anyone out there up for a challenge to check out the code for Mac? I can send all the files in the contents, which is different from the PC download (I was able to get everything in Parallels with everything provided in this thread).


Contents here if someone wants to check it out! :pray: :pray: :pray:
Contents.zip (50.4 MB)

We have decided to change the AID for the vivokey OTP applet to match the yubico AID. We will change an internal command to be able to identify VivoKey versions vs yubico versions but the basic functions of yubico software should work with the VivoKey applet on apex.

This change will come later on with the release of the apex manager software.

8 Likes

This is awesome! Thank you @amal

Will it be possible to “upgrade” applets with the Apex Manager? I’m having issues now with having both “productive” data on the applets and having to destroy/install for new versions testing.

Eventually apex manager will be able to manage apps too… but for now we are only focusing on managing the apps once they are deployed… things like pushing keys into HMAC-SHA1 and OTP

I can install and use it on flexSecure and Yubico Authenticator. Can I enable it on Apex?

gp -load vivokey-otp.cap
gp -package A0000007470061FC54D501 -applet A0000007470061FC54D50101 -create A000000527210101

1 Like

Unfortunately no. Deployment of applets is not supported with gpp on Apex

Is this still planned? Once we distribute the Vivokey OTP applet using the Yubikey-compatible AID, it should work with both the Vivokey authenticator (after an update) and the Yubico one.

When are you planning to publish the modified compatible applet?

I think there’s just a small thing that needs sorting first and that’s the idea of getting the version from the applet so we can identify the difference between yubico and VivoKey applet and the version of each.

We might also explore just using an AID scheme to do this, such that the VivoKey version will have an extended AID we can try to select. Yubico applications will select it based on the shorter AID and succeed, while VivoKey-specific applications will need the full extended AID.

Thoughts @StarGate01

Both options are possible. I’ll do some testing - there is the possibility that Yubico selects not by prefix, but by fixed-length AID (which is something you can choose), in which case the extended AID would fail.

But since this is now the official way forward, I’ll change the applet to match.

2 Likes
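The prefix-versus-exact selection question raised above, worked through as an added example that is not part of this thread or of the VivoKey applet: it builds an ISO 7816-4 SELECT-by-name APDU for the Yubico OATH AID quoted earlier and for an assumed extended AID (the `0101` suffix is a placeholder, not a real VivoKey AID), then shows what a toy card answers depending on whether it matches registered AIDs by prefix (partial selection) or only exactly.

```python
# Added example, not from the thread. The extended AID suffix is an assumption.

YUBICO_OATH_AID = bytes.fromhex("A000000527210101")       # AID quoted in the thread
VIVOKEY_EXT_AID = YUBICO_OATH_AID + bytes.fromhex("0101")  # assumed suffix, placeholder

SW_OK = 0x9000
SW_FILE_NOT_FOUND = 0x6A82


def select_apdu(aid: bytes, le: bool = True) -> bytes:
    """CLA=00 INS=A4 P1=04 (select by DF name) P2=00 Lc AID [Le=00]."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5..16 bytes")
    apdu = bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid
    return apdu + b"\x00" if le else apdu


def aid_from_select(apdu: bytes) -> bytes:
    """Extract the requested AID from a SELECT-by-name APDU (trailing Le ignored)."""
    if apdu[:4] != b"\x00\xa4\x04\x00":
        raise ValueError("not a SELECT by DF name")
    lc = apdu[4]
    return apdu[5:5 + lc]


class ToyCard:
    """Registry of installed applet AIDs; partial=True enables prefix matching."""

    def __init__(self, aids, partial):
        self.aids = [bytes(a) for a in aids]
        self.partial = partial
        self.selected = None

    def select(self, apdu: bytes) -> int:
        wanted = aid_from_select(apdu)
        for registered in self.aids:
            if registered == wanted or (self.partial and registered.startswith(wanted)):
                self.selected = registered
                return SW_OK
        self.selected = None
        return SW_FILE_NOT_FOUND


def probe(card: ToyCard) -> dict:
    """Status words a Yubico tool (short AID) and a VivoKey tool (extended AID) receive."""
    return {
        "yubico_short": card.select(select_apdu(YUBICO_OATH_AID)),
        "vivokey_ext": card.select(select_apdu(VIVOKEY_EXT_AID)),
    }
```

With only the extended AID installed, the short Yubico SELECT succeeds on a prefix-matching card but returns 6A82 on an exact-matching one, which is the failure case to test for on the real chip.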

Can you publish both of the applets, like the NDEF and FIDO applets?

You can find the source code and binaries of all open-source applets here: GitHub - DangerousThings/flexsecure-applets: Collection of JavaCard applets for the FlexSecure, as well as build and testing scripts, and documentation.

I meant publish both VivoKey OTP and Yubico OTP on the Fidesmo platform for Apex.

I know what you’re saying, but the problem at hand is VivoKey working to support arbitrary changes that come to the Yubico tools vs building our own. Our OTP applet codebase is shifting slightly from Yubico’s and our toolset will as well, so publishing two versions of the applet becomes even less sustainable. I think our approach of using the same Yubico AID base and extending it for VivoKey, so we can tell the difference between a YubiKey presented to our tools and a VivoKey OTP applet, is a good compromise. Then we can choose how to treat it, and on the Yubico side their tools should work too as long as they don’t implement some radical changes.

1 Like

Okay, I think I understand. I hope you find a good solution soon. Does VivoKey OTP have a limit on how many OTPs can be stored? I can only enter 14 but have 16 codes on my YubiKeys.

In theory it should be limited to memory, but we can check again to see if there is some other limit imposed. What is the error when you attempt to store a 15th OTP key?

No error. Only nothing is saved.

OK, I would file that as a bug. Does the YubiKey behave the same way when trying to store the 17th key?