Using Token2 FIDO2 keys under Linux
Although many modern versions of Linux have native support for FIDO2 USB keys, quite a lot still do not support them out of the box. The reason is that, by default, USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed.
It is quite easy to fix this: manually, create a file like 70-token2-access.rules under your /etc/udev/rules.d directory with the following content
# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"
# Key-ID FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="349e", ATTRS{idProduct}=="0010", TAG+="uaccess"
LABEL="u2f_end"
Additionally, run the following command after you create this file (it is not necessary to do this again in the future):
sudo udevadm control --reload-rules && sudo udevadm trigger
Hardware IDs
The IDs shown in the code above are given as an example only. Follow the instructions below to find the ID values of other security key models.
For use with some applications, such as security software, you may need to know the USB product ID (PID) of the FIDO security key you have. You can use the steps below to find the USB PID of your device.
Windows
- Open Devices and Printers in the Control Panel.
- Right-click on the icon for the FIDO Security key and choose Properties.
- Click on the Hardware tab.
- Click on Properties button
- Click on Details tab.
- Change Property drop down to Hardware IDs.
- You will see the PID listed.
Linux
- Open Terminal.
- Run: lsusb | grep -i FIDO
- You will see pairs of VendorID:ProductID listed.
macOS
- Open System Report (Apple Menu > About This Mac > System Report).
- Navigate to Hardware > USB.
- Select the FIDO key.
- See the Product ID below.
VID/PID Table
The vendor identification and product identification (VID/PID) data for the latest FIDO2 products from Token2 products is shown in the table below:
Model
|
VID
|
PID1
(for FIDO)
|
PID2
(for OTP on FIDO)
|
PID3
(for FIDO+ OTP)
|
USB only
|
0x349E
|
0x0010
|
0x0011
|
0x0012
|
USB+NFC
|
0x349E
|
0x0020
|
0x0021
|
0x0022
|
USB+Fingerprint
|
0x349E
|
0x0200
|
0x0201
|
0x0202
|