Chapter 1

Glossary

  • FIDO: Fast Identity Online, an open industry alliance dedicated to setting and promoting passwordless authentication standards.
  • WebAuthn: Web Authentication, an authentication protocol defined by W3C. Its device-side implementations include CTAP 2.1/2.0 protocols.
  • Passkey: A Passkey is an implementation of WebAuthn. CanoKey can store Passkey keys through the CTAP protocol.
  • OpenPGP: Open Pretty Good Privacy, an open standard protocol used for encrypting and signing data, widely used for securing communications such as emails. CanoKey supports all mandatory features in OpenPGP 3.4.1.
  • GnuPG: Gnu Privacy Guard, a free software tool implementing the OpenPGP standard, used for encrypting and signing data.
  • PIV: Personal Identity Verification, a U.S. government identity authentication standard designed to enhance personal identity verification security. CanoKey supports all mandatory and some extended features of the PIV standard.
  • NDEF: NFC Data Exchange Format, a standard format for exchanging data between NFC devices. CanoKey supports emulation of NFC tags compliant with the NDEF format.
  • OTP: One-Time Password, a single-use password used for one-time authentication, enhancing security and often used in two-factor authentication. Common OTPs include HOTP and TOTP. CanoKey supports storing keys for both OTP types.
  • HOTP: HMAC-based One-Time Password, a one-time password generated based on the HMAC (Hash-based Message Authentication Code) algorithm.
  • TOTP: Time-based One-Time Password, a dynamic one-time password based on time, generated using the current time and a shared key.
  • WebUSB: A protocol that allows web pages to directly communicate with USB devices, simplifying device connection and data transfer. CanoKey supports configuration via WebUSB.

Default PINs

During the use of CanoKey, users will encounter various PINs. This page lists all default passwords and descriptions, aiming to help users distinguish different PINs.

PIN Name Default Value Description
Admin PIN 123456 Used to manage different applications on CanoKey, such as resetting applications, modifying NDEF configurations, etc.
FIDO2 PIN No default value Some FIDO2 applications that enforce PIN usage will ask for this password. FIDO2 PIN has no preset value. Users will be prompted to set the FIDO2 PIN when they first use a FIDO2 application that forces PIN usage, at which point the user can set this PIN themselves.
OpenPGP PIN 123456 Used for regular OpenPGP operations, such as OpenPGP signing, etc.
OpenPGP Admin PIN 12345678 Used for management operations of the OpenPGP application. For example, it is required when generating an OpenPGP key pair on CanoKey or modifying OpenPGP key attributes.
PIV PIN 123456 Used for regular PIV operations, such as PIV identity verification, signing through PKCS#11 call to PIV, etc.
PIV PUK 12345678 Used to unlock the PIV PIN if the PIV PIN gets locked.