June 2022 VivoKey Apex Flex update

So this is where things get annoying. Fido2 has some core features that must be supported… and a collection of various optional features that may be supported… you know… those terms often used in specification documents… must and may and shall… anyway, Microsoft and Google apparently require some of those may features… so it’s possible to be fully fido2 compliant with all those must features, but still not work with a particular relying party because they require some optional features be supported.

7 Likes

So is it just software that would need to be adjusted to add those in or is it a hardware issue?

Software. This is why our fido2 applet is still considered beta.

1 Like

I just recently set up a few Yubikeys and the difference in how each service does ‘2FA’ and talks to the key is quite surprising.

Am keen to get testing with the Apex (soon TM).

1 Like

Managed to get PGP working on Mac and Windows with the key stored only on the Yubikey as well :innocent:

Good practice for knowing what to expect when testing Apex applets but I’m still unclear on how the correct applet gets selected/runs at the right time 😵‍💫

1 Like


Each applet has an AID or Application IDentifier… it can be whatever you want basically, but certain AIDs are “well known” or built into actual standards. For example, on an NFC type 4 transponder, the NDEF container has an AID that is defined by the standard. The same goes with fido2 and OpenPGP… so when a reader finds a transponder that supports ISO7816 smart card APDUs over iso14443 contactless, then the application behind the reader can try to select an AID to instantiate and run it. Once running, the applet can support whatever commands it wants, all passed over APDUs.

Make sense?

3 Likes
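The AID selection described in the post above, sketched as an added example that is not part of the original thread and is not VivoKey's or any vendor's code. `ToyCard`, its handlers, the status word returned when nothing is selected, and the full OpenPGP AID in `demo_card` are constructed for illustration; the three AIDs and the SELECT APDU layout are the standard ones.

```python
# Added example: toy model of ISO 7816-4 SELECT-by-AID dispatch (not VivoKey code).
WELL_KNOWN_AIDS = {
    "NDEF (NFC Type 4 Tag)": bytes.fromhex("D2760000850101"),
    "FIDO": bytes.fromhex("A0000006472F0001"),
    "OpenPGP": bytes.fromhex("D27600012401"),  # prefix; full AID adds version/serial
}
SW_OK = bytes.fromhex("9000")
SW_WRONG_LENGTH = bytes.fromhex("6700")
SW_NOT_FOUND = bytes.fromhex("6A82")         # application not found
SW_NOTHING_SELECTED = bytes.fromhex("6D00")  # toy's choice; real cards vary

def select_apdu(aid: bytes) -> bytes:
    """CLA=00 INS=A4 P1=04 (select by name) P2=00, Lc, AID, Le=00."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5 to 16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

class ToyCard:
    """Constructed stand-in for a multi-applet card (hypothetical handlers)."""
    def __init__(self, applets):
        self.applets = applets   # installed AID -> handler(apdu) -> response
        self.selected = None
    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) < 4:
            return SW_WRONG_LENGTH
        if apdu[:3] == b"\x00\xA4\x04":            # SELECT by AID
            if len(apdu) < 5 or len(apdu) < 5 + apdu[4]:
                return SW_WRONG_LENGTH
            name = apdu[5:5 + apdu[4]]
            # Simplified partial-name match against installed applets.
            self.selected = next((a for a in self.applets if a.startswith(name)), None)
            return SW_OK if self.selected else SW_NOT_FOUND
        if self.selected is None:
            return SW_NOTHING_SELECTED
        return self.applets[self.selected](apdu)   # applet defines its own commands

def probe(card, aids=WELL_KNOWN_AIDS):
    """Reader-side view: try each AID and record which ones the card accepts."""
    return {label: card.transmit(select_apdu(aid)) == SW_OK for label, aid in aids.items()}

def demo_card():
    openpgp_full = bytes.fromhex("D2760001240103040000000000010000")  # constructed
    return ToyCard({
        WELL_KNOWN_AIDS["FIDO"]: lambda apdu: b"fido-applet" + SW_OK,
        openpgp_full: lambda apdu: b"openpgp-applet" + SW_OK,
    })

if __name__ == "__main__":
    print(probe(demo_card()))
```

The same command bytes reach a different applet depending on which AID was selected last, which is why a reader-side application always selects before it talks.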

Yes! Sounds sensible.

I guess that’s also the case with smart cards, and devices like the Yubikey then.

2 Likes

Smart cards yes. I assume maybe yes with yubikey… not sure… haven’t actually used but I assume so.

Actually if you look closely at some credit card payment receipts like from convenience stores or gas stations, sometimes they print out the actual payment applet AID used right on the receipt.

4 Likes

Speaking of payments, ever since I found out fidesmo pay supports curve I’ve been a simmering pile of rage against MasterCard. Not that I was exactly a fan before, but point stands.

1 Like

It could easily be done but we’re not allowed to have nice things

:heart: I have my hack diary of the process on Hackaday: Tesla Chip implant process.

9 Likes


Welcome back

6 Likes

Ha! I can empathize with this. I had a collection of hate mail, death threats and other fun stories when I got my implant. One person called me Electric Jesus hahahahaha!

7 Likes

I hope you took that as a nickname! Sounds badass.

3 Likes


Found an example of this in the real.

I’m starting to realise the Apex is actually a very old idea made new in a sense, and I wonder has anyone tried something like this before?

What I mean is that smart cards and NFC have existed for a long time, but have been the domain of government entities or payments companies and Apex seems to be an attempt to democratise that.

Am I way off the mark?

1 Like

That’s a weird way of saying “making it implantable”… These technologies have made their way into the market in many ways but so far, it’s been easier for each company to issue a separate card altogether. Fidesmo is addressing this and Amal is adding more features and making implantable options available.

Hopefully, credit card processors will get less paranoid about implants one day…

4 Likes

Hahaha yes ok,

I just don’t think many people would consider having a ‘super cyber’ multi app smart card in their wallet to do all the things Apex will be able to do, so this seems different somehow, even though as you rightly point out it’s just that it’s implanted really.

1 Like