Firefox Snap with PIV Authentication

To configure the Firefox Snap application to use a YubiKey via pcscd using the YubiKey Manager CLI and ykcs11 from the Yubico PIV tool, follow these steps:

1. Install necessary packages

Ensure you have pcscd, YubiKey Manager CLI, and Yubico PIV tool installed:

sudo apt-get update

sudo apt-get install pcscd yubikey-manager yubico-piv-tool


2. Start the pcscd service

Start the pcscd service and enable it to start on boot:

sudo systemctl start pcscd

sudo systemctl enable pcscd


3. Connect the YubiKey and test

Insert your YubiKey and use YubiKey Manager CLI to confirm it is recognized:

ykman info

If the YubiKey is recognized, information similar to following should be displayed.

C:\>ykman info
Device type: Security Key C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO
NFC transport is enabled


4. Connect the YubiKey to the Firefox Snap

To allow the Firefox Snap to use the YubiKey, connect the raw-usb interface:

sudo snap connect firefox:raw-usb


5. Install the ykcs11 library

The ykcs11 library is part of the Yubico PIV tool package. Locate the library path:


It is usually found in /usr/lib/x86_64-linux-gnu/ or similar.

6. Configure Firefox to use ykcs11

  1. Open Firefox.
  2. Enter about:preferences in the address bar.
  3. In the left hand column, click Privacy & Security
  4. Under the Security section, click Security Devices.
  5. Click Load and provide the following information:
    • Module Name: YubiKey PIV
    • Module filename: /usr/lib/x86_64-linux-gnu/ (adjust this path if your system uses a different location - refer to step 5).

7. Restart Firefox

To ensure the changes take effect, restart Firefox.

8. Test the YubiKey

Test the YubiKey with a supported service to ensure it is working properly.


If you encounter any issues, check the following:

  • Ensure pcscd is running:
    sudo systemctl status pcscd
  • Verify the Snap connections:
    snap connections firefox
  • Check Firefox logs for any errors related to the security device.