A Linux-native implementation of FIDO2 and FIDO U2F Platform API, fully written in Rust.
This library supports multiple transports (see Transports for a list) via a pluggable interface, making it easy to add additional backends.
This repository is now part of the Credentials for Linux project, and was previously known as xdg-credentials-portal.
The Credentials for Linux project aims to offer FIDO2 platform functionality (FIDO U2F and WebAuthn) on Linux, over a D-Bus Portal interface.
Looking for the D-Bus API proposal? Check out credentialsd.
- FIDO U2F
  - 🟢 Registration (U2F_REGISTER)
  - 🟢 Authentication (U2F_AUTHENTICATE)
  - 🟢 Version (U2F_VERSION)
- FIDO2
  - 🟢 Create credential
  - 🟢 Verify assertion
  - 🟢 Biometric user verification
  - 🟢 Discoverable credentials (resident keys)
- FIDO2 to FIDO U2F downgrade
  - 🟢 Basic functionality
  - 🟢 Support for excludeList and pre-flight requests
- PIN/UV Protocols
  - 🟢 PIN/UV Auth Protocol One
  - 🟢 PIN/UV Auth Protocol Two
- PIN/UV Operations
  - 🟢 GetPinToken
  - 🟢 GetPinUvAuthTokenUsingPinWithPermissions
  - 🟢 GetPinUvAuthTokenUsingUvWithPermissions
- Passkey Authentication
  - 🟢 Discoverable credentials (resident keys)
  - 🟢 Hybrid transport (caBLE v2): QR-initiated transactions
  - 🟢 Hybrid transport (caBLE v2): State-assisted transactions (remember this phone)
 
| | USB (HID) | Bluetooth Low Energy (BLE) | NFC | TPM 2.0 (Platform) | Hybrid (caBLEv2) |
|---|---|---|---|---|---|
| FIDO U2F | 🟢 Supported (via hidapi) | 🟢 Supported (via bluez) | 🟠 Planned (#5) | 🟠 Planned (#4) | N/A |
| WebAuthn (FIDO2) | 🟢 Supported (via hidapi) | 🟢 Supported (via bluez) | 🟠 Planned (#5) | 🟠 Planned (#4) | 🟢 Supported |

After cloning, you can try out one of the libwebauthn examples:

```
$ cd libwebauthn
$ git submodule update --init
$ cargo run --example webauthn_hid
$ cargo run --example webauthn_cable
$ cargo run --example u2f_hid
```

We welcome contributions!
Join the discussion on Matrix at #credentials-for-linux:matrix.org.
If you don't know where to start, check out the Issues tab.