FIDO2/U2F

Supports

The implementations are following CTAP2 and CTAP1/U2F specifications.

Supported features:

• Up to 64 resident keys
• The HMAC extension
• Ed25519

Multi-Factor Authentication

You can use your CanoKey as a 2FA device on many websites.

PIN

The PIN is not set by default. You may set a new PIN using Windows Hello or other possible applications.

OpenSSH

You may use the following command to generate a private key for ssh. See here for more info.

ssh-keygen -t ecdsa-sk
# or you prefer ed25519
ssh-keygen -t ed25519-sk

PAM

Use pam_u2f provided by Yubico. One common scenario is sudo.

HMAC-secret extension

Possible applications:

• khefin, for LUKS full disk encryption.
• Windows Hello