I'm not a believer in FIDO2, nor a U2F/FIDO1 fan. These two FIDO specs use a USB-HID protocol. The USB-CCID protocol affords a much greater number of trusted computing application protocols (https://ambimat.com/developer-resources/list-of-application-identifiers-aid/) and trusted computing hardware support (https://ccid.apdu.fr/ccid/section.html) with the open source PCSC-lite (https://pcsclite.apdu.fr/api/group__API.html) interface that enables developers to get down and dirty with actionable low-level programming of ISO 7816 compliant chips.
Coding this way minimizes on chip and vendor hardware lock-in.
Coding to a subset of this specification (https://gnupg.org/ftp/specs/) enables bKeyPer code to function with either YubiKeys or NitroKeys.
#yubikey #oauth #onlykeys #ccid #openpgp #nitrokeys
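
An added example, not code from this post or from bKeyPer: the vendor-neutral ISO 7816-4 framing that the OpenPGP card specification defines, which is what lets the same code talk to any compliant token over CCID. The function names and the sample reply bytes are constructed for illustration; sending the APDU through PCSC-lite (`SCardTransmit`) is left out so the block runs without a reader attached.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OpenPGP application identifier prefix: RID D2 76 00 01 24 + application 01. */
static const uint8_t OPENPGP_AID[6] = {0xD2, 0x76, 0x00, 0x01, 0x24, 0x01};

struct openpgp_aid {
    uint8_t  ver_major, ver_minor; /* application version bytes */
    uint16_t manufacturer;         /* informational only: portable code never branches on it */
    uint32_t serial;
};

/* Build SELECT by DF name: 00 A4 04 00 Lc <AID> Le. Returns APDU length, 0 if no room. */
size_t build_select_openpgp(uint8_t *out, size_t cap)
{
    const uint8_t hdr[5] = {0x00, 0xA4, 0x04, 0x00, (uint8_t)sizeof OPENPGP_AID};
    size_t n = sizeof hdr + sizeof OPENPGP_AID + 1;
    if (cap < n) return 0;
    memcpy(out, hdr, sizeof hdr);
    memcpy(out + sizeof hdr, OPENPGP_AID, sizeof OPENPGP_AID);
    out[n - 1] = 0x00; /* Le: accept any response length */
    return n;
}

/* Parse the reply to GET DATA for tag 4F (command 00 CA 00 4F 00): 16-byte AID + SW1 SW2.
 * Returns 0 on success, -1 bad length, -2 status word not 90 00, -3 not an OpenPGP applet. */
int parse_aid_reply(const uint8_t *rsp, size_t len, struct openpgp_aid *aid)
{
    if (len < 2) return -1;
    if (rsp[len - 2] != 0x90 || rsp[len - 1] != 0x00) return -2;
    if (len != 18) return -1;
    if (memcmp(rsp, OPENPGP_AID, sizeof OPENPGP_AID) != 0) return -3;
    aid->ver_major = rsp[6];
    aid->ver_minor = rsp[7];
    aid->manufacturer = (uint16_t)((rsp[8] << 8) | rsp[9]);
    aid->serial = ((uint32_t)rsp[10] << 24) | ((uint32_t)rsp[11] << 16) |
                  ((uint32_t)rsp[12] << 8) | rsp[13];
    return 0;
}

/* Constructed sample reply, not captured from a real token. */
static const uint8_t SAMPLE_REPLY[18] = {0xD2, 0x76, 0x00, 0x01, 0x24, 0x01, 0x03, 0x04,
    0xFF, 0xFF, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x90, 0x00};

int main(void)
{
    struct openpgp_aid a;
    if (parse_aid_reply(SAMPLE_REPLY, sizeof SAMPLE_REPLY, &a) == 0)
        printf("OpenPGP v%u.%u serial %08X\n", a.ver_major, a.ver_minor, (unsigned)a.serial);
    return 0;
}
```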

