feat: switch from libfido2 to go-ctaphid #38

Open
wants to merge 1 commit into
base: main

savely-krasovsky commented Jun 1, 2025

I am not proposing the merge, but rather a look at the alternative implementation, which I recently wrote. This implementation doesn't require libfido2 and depends only on the go-hid library, which still requires cgo. Though it could also be replaced in the future to make a fully cgo-free implementation. I didn't test it under Linux or macOS, but it 100% works under Windows (though it requires admin rights).

olastor (Owner) commented Jun 1, 2025

@savely-krasovsky Very interesting, thanks for the PR! go-ctaphid is a library that you built and recently published, right? I will try to check it out, but I am probably very hesitant to exchange the bindings of the official libfido2 library with an unofficial library in the near to mid future. I can leave the PR open for public review and feedback 🙂.

savely-krasovsky (Author) commented Jun 1, 2025

@olastor

> go-ctaphid is a library that you built and recently published, right?

Yes! I finished the core a few days ago and decided to try it in a real project where I can integrate it relatively simply. Your project fits perfectly. Already found and fixed some rough edges in my API.

> I am probably very hesitant to exchange the bindings of the official libfido2 library with an unofficial library in the near to mid future.

100%, I would be of the same opinion as a maintainer. I opened this PR for the exact reasons you highlighted -- review and feedback, maybe someone will come across and try it.

I found that Windows requires you to have administrative privileges and I want to fix it by making an admin service that will allow you to communicate with FIDO2 devices. Some sort of HID proxy. The main difficulty is to make it secure (Windows prohibits interacting with FIDO devices for a reason).

savely-krasovsky (Author) commented Jun 2, 2025

This is my prototype of a CTAPHID proxy for Windows. Basically it allows running a small privileged proxy as a Windows Service, but programs can connect over a named pipe without administrative privileges and communicate with it as if it were a normal HID device.
https://github.com/savely-krasovsky/go-ctaphid-windows-proxy
