VivoKey Apex Applet Poll

r00t · August 6, 2023, 7:44pm

Reading the tech specs of P71D321 I see this

Multi-application enabled by MIFARE FleX® with MIFARE® DESFire® EV2 up to 16KB and MIFARE Plus® EV1 up to 4KB (including MIFARE Classic® support)

also this
https://www.mifare.net/en/products/chip-card-ics/mifare-on-smartmx/

Does it means that there can be applet that instruct the Apex to act as a mifare desfire ev2 and/or mifare plus ev1 + classic ?

Also something very interesting is

Configurable 7 Byte UID, 4 Byte Random ID or 4 Byte NUID

Did anyone researched this MIFARE FleX features ?

amal · August 6, 2023, 9:36pm

Generally this is a ROM mask option that is loaded for emulation. It has to be set at the time of manufacturer basically. Fidesmo P40 chips had my fair classic emulation turned on but there are issues with the emulation. For example, you cannot specify UID. That in itself is kind of annoying. I believe the p60 version had desfire emulation enabled, but I don’t believe the P71 version has any emulation option loaded. This was because the option burned up a lot of memory in the ROM mask and not a lot of customers or people were using it.

amal · August 6, 2023, 9:45pm

I’ve not seen this before. Seems new for the P71… though as I mentioned I don’t believe it’s enabled on the Fidesmo ROM mask for Apex.

Pilgrimsmaster · August 7, 2023, 5:14am

Probably a good time to bump this Poll / THREAD

My thought being, Amal and the Developers can use this Poll as a gauge to see what the customers want, and MAY focus their time on the frontrunners

But before I do that, Here’s an update on the progress,

ALMOST ALL HAVE BEEN DEVELOPED

~~Vivokey OTP~~

~~VivoKey U2F~~

~~VivoKey WebAuthn~~

~~VivoKey PGP~~

~~VivoKey NDEF~~

~~VivoKey NAK~~

~~BitCoin Wallet~~ ( Not in the original list )

~~Vivokey GIDS~~ * isn’t worth deploying at this time since Microsoft is abandoning it over Fido / azure…

Therefore The only remaining Applets on the original list are

VivoKey KeePass (would need specific development outside of an applet and gids )
VivoKey PIV

I would still like to see a KeePass at somestage, but it will probably be a lot of work and expensive to develop, so who knows if /when we will see that…

Does anybody have more suggestions of what you would like to see developed and added to the Vivokey APEX arsenal?

Just reply to my post, I will give it a couple of weeks and build another poll so the developers can keep an eye on it for ideas / inspiration…

If you don’t ask, you dont get

Put your thinking caps on

mrln · August 7, 2023, 5:46am

Monero wallet

tac0s · August 7, 2023, 6:48am

Apple Home Key, Door Deck?

charly · August 7, 2023, 7:26am

Userfriendly hardwarewallets for at least BTC, ETH and XMR.

charly · August 7, 2023, 8:44am

Easy-to-use PIN-secured, encrypted storage with adjustable size for regular files

pac · August 7, 2023, 12:44pm

an eth wallet applet for apex already exists

charly · August 7, 2023, 1:12pm

Yes, for BTC too. Satochip, which is really cool, but without an app for android.
I’m thinking about one app which is usable for all cryptos.

r00t · August 7, 2023, 2:24pm

bummer, thanks again
Hopefully we see the fido2 applet come to prod soon

amal · August 7, 2023, 2:38pm

We are basically at the stage now where our fido2 applet is “certification ready”. The version currently available on Fidesmo is feature complete, thoroughly tested, and it is what we will be taking through the certification process. It’s what I am running on my Apexes now.

Of course, certification could reveal other issues but I really doubt it. The only difference that’s guaranteed is that the attestation certificate loaded in with the certified version will be different and will appear differently in the Fido metabase. For most people though, that won’t matter.

StarGate01 · August 7, 2023, 10:11pm

What do you mean by KeePass? The HMAC-SHA1 applet is supported by KeePassXC, and FIDO2 support is in development.

In my opinion KeePassXC is the favored and futureproof branch of the KeePass format.

Pilgrimsmaster · August 14, 2023, 6:07am

Little Bump
Bump GIFs | Tenor

So far we have

Monero wallet
Apple Home Key
Door Deck
User friendly hardware wallets for at least BTC, ETH and XMR
Easy-to-use PIN-secured, encrypted storage with adjustable size for regular files

charly · August 14, 2023, 7:00am

EMV payment enabled

BryanJacobs · August 14, 2023, 7:15am

PIV is very thoroughly available in GitHub - makinako/OpenFIPS201: An open source reference card application for NIST FIPS 201-2 / NIST SP800-73-4, targeting Javacard 3.0.4+ .

BryanJacobs · August 14, 2023, 7:16am

I’m not sure keepassxc FIDO2 is “in development” per se. I’m working on an implementation for keepassxc, pykeepass, and keepassdx (android), but it’s a spare-time thing.

I contributed a spec and have it half-working in Python code but it’s a ways out if nobody else implements it.

Dean · August 17, 2023, 10:34pm

Would that certification make it work with Windows Hello? Or is that a seperate Microsoft thing?

amal · August 18, 2023, 1:36am

Just like everything else, the answer is… It depends. Windows Hello is a platform for authentication, but using a Fido token with Windows for login is only possible in your computer is a member of an Entra ID (formerly azure ad) domain.

amal · August 18, 2023, 1:39am

As far as I know, you don’t necessarily need a certified token to use it with entra ID but you can’t use it by default. You would have to go through a process of setting up your domain to accept unknown and/or un-certified tokens. The default is a short list of certified tokens… such that you actually have to apply to have your certified token accepted without question. So the first hurdle is getting certification and the next hurdle is applying to Microsoft to have your token recognized by their system as something to accept as secure by default.