Protocols

CanoKey supports the following protocols:

  • U2F / FIDO2
  • OpenPGP Smart Card 3.4
  • PIV (NIST SP 800-73-4)
  • OATH
  • NDEF
  • WebUSB

CanoKey also provides an admin applet for managing the key.

U2F / FIDO2

The implementation follows the CTAP2 and CTAP1/U2F specifications.

Supported features:

  • Up to 64 resident keys
  • The HMAC extension
  • Ed25519

OpenPGP Smart Card 3.4

CanoKey implements all the mandatory features of the specification. The following optional features are also implemented:

  • PUT DATA with TAG C4
  • Algorithms
    • RSA 2048 (generate on card / import) / 4096 (import only)
    • ECDSA and ECDH: secp256r1 (NIST P256) / secp384r1 (NIST P384) / secp256k1
    • Ed25519 and X25519

Note that the following features are not supported:

  • KDF
  • Secure Messaging
  • AES
  • Command: MANAGE SECURITY ENVIRONMENT

PIV

CanoKey implements most of the mandatory features of the specification.

The following features are not supported:

  • Data objects:
    • Cardholder Fingerprints
    • Security Object
    • Cardholder Facial Image
  • Secure Messaging

OATH

Please refer to the OATH documentation.

Admin Applet

Please refer to the Admin Applet documentation.

NDEF

CanoKey implements an NFC Forum Type-4 Tag.

The maximum capacity of an NDEF message is 1022 bytes.

WebUSB

Please refer to the WebUSB documentation.