To configure the Firefox Snap application to use a YubiKey as a FIDO U2F (Universal 2nd Factor) device, ensure that the Snap package has the necessary permissions to access the YubiKey. Below is a step-by-step guide to achieve this.
1. Install pcscd and YubiKey Manager (CLI)
First, install the pcscd package and YubiKey Manager (CLI):
sudo apt-get update
sudo apt-get install pcscd yubikey-manager
2. Start the pcscd service
Start the pcscd service and enable it to initialize on boot:
sudo systemctl start pcscd
sudo systemctl enable pcscd
3. Connect the YubiKey and test
Insert the YubiKey and confirm if it is recognized using YubiKey Manager CLI:
ykman info
If the YubiKey is recognized, information similar to below should be displayed.
C:\>ykman info
Device type: Security Key C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO
NFC transport is enabled
4. Connect the YubiKey to the Firefox Snap
To allow the Firefox Snap to use the YubiKey, you need to connect the raw-usb interface:
sudo snap connect firefox:raw-usb
sudo snap connect firefox:password-manager-service
5. Enable FIDO U2F in Firefox
Ensure that FIDO U2F is enabled in Firefox. By default, it should be enabled, but you can check and enable it manually:
- Open Firefox.
- Enter about:config in the address bar.
- Accept the risk warning to proceed.
- Search for security.webauth.u2f.
- Make sure the value is set to true. If not, double-click the entry to change it to true.
6. Test the YubiKey as a FIDO U2F device
Test the YubiKey with a FIDO U2F-supported service to ensure it is working correctly. You can use websites like GitHub, Google, or any other service that supports FIDO U2F for testing.
Troubleshooting
If you encounter any issues, check the following:
- Ensure pcscd is running:
sudo systemctl status pcscd
- Verify the Snap connections:
snap connections firefox
- Look at Firefox logs for any errors related to FIDO U2F devices.
Example commands for YubiKey Manager CLI
To manage your YubiKey using the CLI, you can use the following commands:
Check YubiKey info:
ykman info
Ensure FIDO U2F application on the YubiKey is enabled:
ykman fido list
Tip: This will list the connected FIDO devices along with their status
Following the above steps should enable your Firefox Snap app to use the YubiKey as a FIDO U2F device. If you encounter issues or require further assistance, please provide the error messages or symptoms for additional support.