BryanJacobs
You can see the comment linked above, but I was asked to repost this here: I tried out this PR as-is, but ran into serious problems in Slack (an Electron...
Versions: System: Arch Linux - Sway 1.7-2 - Wlroots 0.15.1-2 - Slack-wayland AUR 4.23.0 - Plover from your exact branch - Machine: Gemini PR via serial (emulated from a QMK...
I've raised a pull request against hwsecurity to add support for hmac-secret. No response yet from the maintainers, but the GPLv3 license of that library would permit bundling a fork...
I went ahead and reported a bug with upstream and they've merged a change that looks to me like it would fix the broken playback on Linux with the current...
I opened that pull request, and since nobody has responded in the months since, I think it's safe to say that hwsecurity is indeed unmaintained.
I am in the process of writing a suitable FIDO2 Platform implementation that could be used for this feature: https://github.com/BryanJacobs/FIDOk/ . It's not ready yet: although technically things work with...
I've raised https://gitlab.com/kunzisoft/android-hardware-key-driver/-/merge_requests/12 to make supporting hmac-secret here possible.
Relevant sections from https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-hmac-secret-extension : ``` The authenticator chooses which CredRandom to use for next step based on whether user verification was done or not in above steps. If uv...
Note: you can work around this issue and make the unlock succeed by enabling the `alwaysUv` FIDO2 feature prior to enrollment. If you do this, the authenticator rejects systemd's attempt...
One more comment: I'd recommend sending the credProtect extension with the value `3` if the user asks to require a client PIN. That way the authenticator will (if it supports...