June 2022 VivoKey Apex Flex update


Is there an Apex testing card?
I want to ask some colleagues from fintech companies to test their available features with Apex.

Apex Flex is in. Settled pretty close to my knuckle, but I’m not overly concerned.

Had an amazing experience setting it up as a backup fido device on my Google account. Everything “just worked” TM, including desktop auth (windows+firefox)


did you use the u2f or fido2 beta applet?

U2F, I tried the FIDO2 app too for fun, it installs but throws a “This Key Cannot Be Used” error on registering.

where? with which service?

Google account.

Ok thanks

Isn’t this a certification thing? I know google doesn’t support any security key, but yubikeys for example.

Not something I’ve seen, docs say “any Fido compliant” device. If they were going to lock it down I’d assume they’d do it to just their own titan keys.

So this is where things get annoying. Fido2 has some core features that must be supported… and a collection of various optional features that may be supported… you know… those terms often used in specification documents… must and may and shall… anyway, Microsoft and Google apparently require some of those may features… so it’s possible to be fully fido2 compliant with all those must features, but still not work with a particular relying party because they require some optional features be supported.


So is it just software that would need to be adjusted to add those in or is it a hardware issue?

Software. This is why our fido2 applet is still considered beta.

I just recently set up a few Yubikeys and the difference in how each service does ‘2FA’ and talks to the key is quite surprising.

Am keen to get testing with the Apex (soon TM).

Managed to get PGP working on Mac and Windows with the key stored only on the Yubikey as well :innocent:

Good practice for knowing what to expect when testing Apex applets but I’m still unclear on how the correct applet gets selected/runs at the right time 😵‍💫

Each applet has an AID or Application IDentifier… it can be whatever you want basically, but certain AIDs are “well known” or built into actual standards. For example, on an NFC type 4 transponder, the NDEF container has an AID that is defined by the standard. The same goes with fido2 and OpenPGP… so when a reader finds a transponder that supports ISO7816 smart card APDUs over iso14443 contactless, then the application behind the reader can try to select an AID to instantiate and run it. Once running, the applet can support whatever commands it wants, all passed over APDUs.

Make sense?
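The selection step described in the post above, as an added example that is not part of the original thread and is not VivoKey or Fidesmo code: a reader-side probe builds ISO 7816-4 SELECT-by-AID APDUs for the three well-known AIDs mentioned and sends them to a simulated card. `SimulatedCard`, `probe` and the installed-applet list are constructed for illustration; a real reader would pass the same bytes over ISO 14443.

```python
# Well-known AIDs for the applets named in the post.
WELL_KNOWN_AIDS = {
    "NDEF Type 4 Tag": bytes.fromhex("D2760000850101"),
    "FIDO (U2F/FIDO2)": bytes.fromhex("A0000006472F0001"),
    "OpenPGP": bytes.fromhex("D27600012401"),
}
SW_OK = b"\x90\x00"                # command completed
SW_NOT_FOUND = b"\x6A\x82"         # no applet with that AID
SW_WRONG_LENGTH = b"\x67\x00"      # malformed APDU
SW_INS_NOT_SUPPORTED = b"\x6D\x00"

def build_select(aid: bytes) -> bytes:
    """SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00, Lc, AID, Le=00."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an ISO 7816 AID is 5 to 16 bytes long")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

class SimulatedCard:
    """Constructed stand-in for a card; `installed` maps AID -> applet name."""
    def __init__(self, installed):
        self.installed = dict(installed)
        self.selected = None           # name of the applet currently running

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) < 5:
            return SW_WRONG_LENGTH
        ins, p1, lc = apdu[1], apdu[2], apdu[4]
        if (ins, p1) == (0xA4, 0x04):  # SELECT by AID
            if len(apdu) < 5 + lc:
                return SW_WRONG_LENGTH
            aid = apdu[5:5 + lc]
            if aid not in self.installed:
                return SW_NOT_FOUND    # simplification: selection unchanged
            self.selected = self.installed[aid]
            return SW_OK
        # Every other command is handed to the selected applet, which
        # defines its own instruction set (not modelled here).
        return SW_OK if self.selected else SW_INS_NOT_SUPPORTED

def probe(card, candidates=WELL_KNOWN_AIDS):
    """Reader side: try each known AID and record which ones answer 9000."""
    return {name: card.transmit(build_select(aid)) == SW_OK
            for name, aid in candidates.items()}

if __name__ == "__main__":
    # Constructed card: NDEF and FIDO applets installed, no OpenPGP.
    card = SimulatedCard({WELL_KNOWN_AIDS["NDEF Type 4 Tag"]: "ndef",
                          WELL_KNOWN_AIDS["FIDO (U2F/FIDO2)"]: "fido"})
    print(probe(card), "selected:", card.selected)
```

The status word is what the application behind the reader acts on: `9000` means the applet exists and is now the one receiving commands, `6A82` means nothing on the card answers to that AID.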


Yes! Sounds sensible.

I guess that’s also the case with smart cards, and devices like the Yubikey then.


Smart cards yes. I assume maybe yes with yubikey… not sure… haven’t actually used but I assume so.

Actually if you look closely at some credit card payment receipts like from convenience stores or gas stations, sometimes they print out the actual payment applet AID used right on the receipt.


Speaking of payments, ever since I found out fidesmo pay supports curve I’ve been a simmering pile of rage against MasterCard. Not that I was exactly a fan before, but point stands.

