Firefox Snap with FIDO U2F Authentication


To configure the Firefox Snap application to use a YubiKey as a FIDO U2F (Universal 2nd Factor) device, ensure that the Snap package has the necessary permissions to access the YubiKey. Below is a step-by-step guide to achieve this.

1. Install pcscd and YubiKey Manager (CLI)

First, install the pcscd package and YubiKey Manager (CLI):

sudo apt-get update

sudo apt-get install pcscd yubikey-manager

 

2. Start the pcscd service

Start the pcscd service and enable it to initialize on boot:

sudo systemctl start pcscd

sudo systemctl enable pcscd

 

3. Connect the YubiKey and test

Insert the YubiKey and confirm if it is recognized using YubiKey Manager CLI:

ykman info

If the YubiKey is recognized, information similar to below should be displayed.

C:\>ykman info
Device type: Security Key C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO
NFC transport is enabled

 

4. Connect the YubiKey to the Firefox Snap

To allow the Firefox Snap to use the YubiKey, you need to connect the raw-usb interface:

sudo snap connect firefox:raw-usb

sudo snap connect firefox:password-manager-service

 

5. Enable FIDO U2F in Firefox

Ensure that FIDO U2F is enabled in Firefox. By default, it should be enabled, but you can check and enable it manually:

  1. Open Firefox.
  2. Enter about:config in the address bar.
  3. Accept the risk warning to proceed.
  4. Search for security.webauth.u2f.
  5. Make sure the value is set to true. If not, double-click the entry to change it to true.

6. Test the YubiKey as a FIDO U2F device

Test the YubiKey with a FIDO U2F-supported service to ensure it is working correctly. You can use websites like GitHub, Google, or any other service that supports FIDO U2F for testing.


Troubleshooting

If you encounter any issues, check the following:

  • Ensure pcscd is running:
    sudo systemctl status pcscd
  • Verify the Snap connections:
    snap connections firefox
  • Look at Firefox logs for any errors related to FIDO U2F devices.

Example commands for YubiKey Manager CLI

To manage your YubiKey using the CLI, you can use the following commands:

Check YubiKey info:

ykman info

 

Ensure FIDO U2F application on the YubiKey is enabled:

ykman fido list
bulb-light-icon.svg Tip: This will list the connected FIDO devices along with their status


Following the above steps should enable your Firefox Snap app to use the YubiKey as a FIDO U2F device. If you encounter issues or require further assistance, please provide the error messages or symptoms for additional support.