1. Yubico
  2. Individuals
  3. Individual Guides

Getting YubiKeys to work with Firefox and Chromium Snaps for WebAuthn and PIV authentication

Avatar
Matthew Legitt
Created - Updated

1. Introduction

This article provides steps on how to get both Firefox and Chromium snaps to see and use the YubiKey on Ubuntu Desktop 24+:

 

2. Requirements

  • Download and install YubiKey Manager CLI
  • Download and install Yubico PIV Tool
  • Make sure the PC/SC daemon and YubiKey tools are installed (needed for Firefox PIV and to test detection):
sudo apt update
sudo apt install pcscd yubikey-manager yubico-piv-tool ykcs11
sudo systemctl enable --now pcscd
sudo systemctl start pcscd

 

3. Connect the YubiKey and test

Insert the YubiKey and confirm if it is recognized using YubiKey Manager CLI:

ykman info

If the YubiKey is recognized, information similar to below should be displayed.

C:\>ykman info
Device type: Security Key C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO
NFC transport is enabled

4. Firefox (Snap)

By default the Firefox snap is confined, so you need to grant it raw USB access:

sudo snap connect firefox:raw-usb  
sudo snap connect firefox:password-manager-service
  • FIDO U2F / WebAuthn
    1. Open Firefox and go to about:config
    2. Search for security.webauth.u2f and make sure it’s set to true.
    3. Test the YubiKey with a FIDO U2F-supported service to ensure it is working correctly. You can use websites like GitHub, Google, or any other service that supports FIDO U2F for testing.

  • PIV (PKCS#11 smart-card) support
    1. In Firefox go to Preferences → Privacy & Security → Security Devices
    2. Click Load, give it a name (“YubiKey PIV”) and point it to the PIV module, e.g.:
/usr/lib/x86_64-linux-gnu/libykcs11.so
  1. Restart Firefox and confirm you can see your PIV certificates.

5. Chromium (Snap)

Chromium’s snap uses a dedicated U2F interface. Connect it (and optionally raw-USB and hardware-observe) like this:

sudo snap connect chromium:u2f-devices  
sudo snap connect chromium:hardware-observe  
sudo snap connect chromium:raw-usb        # optional, if you still run into issues

Restart Chromium and try a WebAuthn login (e.g. GitHub). 

Once you’ve run these commands and restarted your browsers, they’ll be able to detect and use the YubiKey for both WebAuthn (FIDO U2F) and PIV workflows.