Hello,
Is there an Apex testing card?
I want to ask some colleagues from fintech companies to test their available features with Apex.
Apex Flex is in. Settled pretty close to my knuckle, but I'm not overly concerned.
Had an amazing experience setting it up as a backup fido device on my Google account. Everything "just worked" TM, including desktop auth (windows+firefox)
did you use the u2f or fido2 beta applet?
U2F, I tried the FIDO2 app too for fun, it installs but throws a "This Key Cannot Be Used" error on registering.
where? with which service?
Google account.
Ok thanks
Isn't this a certification thing? I know google doesn't support any security key, but yubikeys for example.
Not something I've seen, docs say "any Fido compliant" device. If they were going to lock it down I'd assume they'd do it to just their own titan keys.
So this is where things get annoying. Fido2 has some core features that must be supported... and a collection of various optional features that may be supported... you know... those terms often used in specification documents... must and may and shall... anyway, Microsoft and Google apparently require some of those may features... so it's possible to be fully fido2 compliant with all those must features, but still not work with a particular relying party because they require some optional features be supported.
So is it just software that would need to be adjusted to add those in or is it a hardware issue?
Software. This is why our fido2 applet is still considered beta.
I just recently set up a few Yubikeys and the difference in how each service does ā2FAā and talks to the key is quite surprising.
Am keen to get testing with the Apex (soon TM).
Managed to get PGP working on Mac and Windows with the key stored only on the Yubikey as well
Good practice for knowing what to expect when testing Apex applets but I'm still unclear on how the correct applet gets selected/runs at the right time 😵‍💫
Each applet has an AID or Application IDentifier... it can be whatever you want basically, but certain AIDs are "well known" or built into actual standards. For example, on an NFC type 4 transponder, the NDEF container has an AID that is defined by the standard. The same goes with fido2 and OpenPGP... so when a reader finds a transponder that supports ISO7816 smart card APDUs over iso14443 contactless, then the application behind the reader can try to select an AID to instantiate and run it. Once running, the applet can support whatever commands it wants, all passed over APDUs.
Make sense?
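The AID selection described in the post above, as an added example that is not part of the original thread: a reader-side application builds ISO 7816-4 SELECT APDUs for well-known AIDs and a simulated multi-applet card answers them. `build_select`, `SimulatedCard`, `probe` and the card contents are hypothetical and constructed; the three AIDs are the registered NDEF Type 4, FIDO and OpenPGP values and do not come from the thread.

```python
# Added example: simulated card, no reader hardware. Names are hypothetical.
WELL_KNOWN_AIDS = {
    "ndef": bytes.fromhex("D2760000850101"),    # NFC Forum Type 4 Tag NDEF app
    "fido": bytes.fromhex("A0000006472F0001"),  # FIDO U2F / FIDO2 authenticator
    "openpgp": bytes.fromhex("D27600012401"),   # OpenPGP card (AID prefix)
}
SW_OK = bytes.fromhex("9000")              # success
SW_NOT_FOUND = bytes.fromhex("6A82")       # no applet with that AID
SW_NOT_SUPPORTED = bytes.fromhex("6D00")   # nothing selected to handle the INS


def build_select(aid: bytes) -> bytes:
    """ISO 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID Le=00."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes long")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


class SimulatedCard:
    """Simplified stand-in for a multi-applet card."""

    def __init__(self, installed):
        self.installed = dict(installed)  # full AID -> applet name
        self.selected = None

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) >= 5 and apdu[:3] == bytes([0x00, 0xA4, 0x04]):
            requested = apdu[5:5 + apdu[4]]
            for aid, name in self.installed.items():
                # A SELECT may carry only the leading bytes of the AID.
                if requested and aid.startswith(requested):
                    self.selected = name
                    return SW_OK
            return SW_NOT_FOUND  # simplification: selection left unchanged
        if self.selected is None:
            return SW_NOT_SUPPORTED
        # Once selected, every other APDU is interpreted by that applet alone.
        return self.selected.encode() + SW_OK


def probe(card, aids=WELL_KNOWN_AIDS):
    """Reader side: try each well-known AID, return the ones the card accepts."""
    return [n for n, aid in aids.items() if card.transmit(build_select(aid)) == SW_OK]


# Constructed card: a FIDO applet plus an OpenPGP applet with a made-up full AID.
CARD = SimulatedCard({
    WELL_KNOWN_AIDS["fido"]: "fido-applet",
    bytes.fromhex("D2760001240103040000000000010000"): "openpgp-applet",
})
```

Calling `probe(CARD)` reports which of the three applications the card exposes; the NDEF SELECT comes back with status word 6A82 because no applet with that AID is installed.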
Yes! Sounds sensible.
I guess that's also the case with smart cards, and devices like the Yubikey then.
Smart cards yes. I assume maybe yes with yubikey... not sure... haven't actually used but I assume so.
Actually if you look closely at some credit card payment receipts like from convenience stores or gas stations, sometimes they print out the actual payment applet AID used right on the receipt.
Speaking of payments, ever since I found out fidesmo pay supports curve I've been a simmering pile of rage against MasterCard. Not that I was exactly a fan before, but point stands.