Does the Security Key C NFC from Yubico support the FIDO2 largeBlob extension, using the browser?


I would like to use a Security Key C NFC with FIDO2 largeBlobs: https://docs.yubico.com/yesdk/users-manual/application-fido2/large-blobs.html

According to the documentation, the device should support it. The Security Key C NFC supports FIDO2/WebAuthn.

I am using Chrome for testing, which supports the largeBlob extension. I tested it using the Virtual Authentication Environment and it works as intended.

I am using @simplewebauthn/browser and server for the relying party.

However, when I connect my YubiKey, largeBlob is not supported.

Here is the authenticatorSelection I use when I start registering the key:

{
    "residentKey": "required",
    "userVerification": "required",
    "requireResidentKey": true
}

The extensions I need:

{
    "largeBlob": {
        "support": "preferred"
    },
    "credProps": true
}

And here is what I received back from the authenticator; largeBlob is not supported:

{
    "credProps": {
        "rk": true
    },
    "largeBlob": {
        "supported": false
    }
}

The browser does support it, otherwise the largeBlob key in the object would be undefined, but it seems like the YubiKey doesn't?

The demo for largeBlobs (https://webauthn-large-blob.glitch.me/) also doesn't work, as it fails to store the blob.
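An added example, not part of the original post: a relying-party helper that separates "the browser ignored the extension" from "the selected authenticator cannot store large blobs" (the result shown above), and pre-checks `get()` options against the largeBlob client-processing rules in WebAuthn Level 2. The function names and return codes are hypothetical, and the sample objects are constructed.

```javascript
// Registration: classify getClientExtensionResults() returned by create().
function diagnoseRegistration(results) {
  const lb = results && results.largeBlob;
  if (lb === undefined) return "client-ignored-extension"; // browser did not process largeBlob
  if (lb.supported === true) return "authenticator-supports-largeblob";
  return "authenticator-lacks-largeblob"; // the case shown in the question
}

// Authentication: the WebAuthn client rejects these combinations with
// NotSupportedError, so catch them before calling navigator.credentials.get().
function checkAssertionOptions(publicKey) {
  const lb = (publicKey.extensions || {}).largeBlob;
  if (!lb) return ["no largeBlob extension input"];
  const problems = [];
  if ("support" in lb) problems.push("'support' is only valid at registration");
  if ("read" in lb && "write" in lb) problems.push("'read' and 'write' are mutually exclusive");
  if ("write" in lb) {
    if ((publicKey.allowCredentials || []).length !== 1)
      problems.push("'write' needs exactly one allowCredentials entry");
    if (!(lb.write instanceof ArrayBuffer) && !ArrayBuffer.isView(lb.write))
      problems.push("'write' must be an ArrayBuffer or a view on one");
  }
  return problems;
}

// Authentication: classify getClientExtensionResults() returned by get().
function diagnoseAssertion(results) {
  const lb = results && results.largeBlob;
  if (lb === undefined) return "client-ignored-extension";
  if ("written" in lb) return lb.written ? "write-ok" : "write-failed";
  // A failed or empty read still yields a largeBlob member, just without blob.
  return lb.blob ? "read-ok" : "read-empty-or-failed";
}

// Constructed samples; the first mirrors the result shown in the question.
const fromQuestion = { credProps: { rk: true }, largeBlob: { supported: false } };
const badWrite = {
  allowCredentials: [],
  extensions: { largeBlob: { read: true, write: new Uint8Array([1, 2, 3]) } },
};
console.log(diagnoseRegistration(fromQuestion));
console.log(checkAssertionOptions(badWrite));
```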


There are 2 best solutions below

0
joostd On

LargeBlob is a fairly new extension, so it will only be implemented by recently manufactured security keys.

You can check if a security key supports largeBlob using the fido2-token tool:

$ fido2-token -I ioreg://4295240530 | grep largeBlobs
options: rk, up, uv, noplat, uvToken, alwaysUv, credMgmt, authnrCfg, bioEnroll, clientPin, largeBlobs, pinUvAuthToken, setMinPINLength, nomakeCredUvNotRqd, credentialMgmtPreview, userVerificationMgmtPreview

One security key that supports largeBlobs is the YubiKey Bio.

0
agl On

If you're using Chrome on macOS or Linux, you can also do any operation with the security key from the browser and see the transcript on chrome://device-log. One of the responses from the security key will be its getInfo, which will contain the list of extensions. So, if you don't see the string largeBlob on that page, then it doesn't support it.

Note that largeBlob has a very specific use. If you're looking to store/encrypt data, you probably want the PRF extension.