To configure the Firefox Snap application to use a YubiKey via pcscd using the YubiKey Manager CLI and ykcs11 from the Yubico PIV tool, follow these steps:
1. Install necessary packages
Ensure you have pcscd, YubiKey Manager CLI, and Yubico PIV tool installed:
sudo apt-get update
sudo apt-get install pcscd yubikey-manager yubico-piv-tool
2. Start the pcscd service
Start the pcscd service and enable it to start on boot:
sudo systemctl start pcscd
sudo systemctl enable pcscd
3. Connect the YubiKey and test
Insert your YubiKey and use YubiKey Manager CLI to confirm it is recognized:
ykman info
If the YubiKey is recognized, information similar to following should be displayed.
C:\>ykman info
Device type: Security Key C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO
NFC transport is enabled
4. Connect the YubiKey to the Firefox Snap
To allow the Firefox Snap to use the YubiKey, connect the raw-usb interface:
sudo snap connect firefox:raw-usb
5. Install the ykcs11 library
The ykcs11 library is part of the Yubico PIV tool package. Locate the library path:
locate libykcs11.so
It is usually found in /usr/lib/x86_64-linux-gnu/libykcs11.so or similar.
6. Configure Firefox to use ykcs11
- Open Firefox.
- Enter about:preferences in the address bar.
- In the left hand column, click Privacy & Security
- Under the Security section, click Security Devices.
- Click Load and provide the following information:
- Module Name: YubiKey PIV
-
Module filename: /usr/lib/x86_64-linux-gnu/libykcs11.so (adjust this path if your system uses a different location - refer to step 5).
7. Restart Firefox
To ensure the changes take effect, restart Firefox.
8. Test the YubiKey
Test the YubiKey with a supported service to ensure it is working properly.
Troubleshooting
If you encounter any issues, check the following:
- Ensure pcscd is running:
sudo systemctl status pcscd
- Verify the Snap connections:
snap connections firefox
- Check Firefox logs for any errors related to the security device.