Skip to content

Instantly share code, notes, and snippets.

@fvclaus

fvclaus/Yubikey as PIV in Firefox on Ubuntu.md

Last active September 18, 2023 09:35
Show Gist options
  • Save fvclaus/98ee20cf91daf119dcd6914245bd5e21 to your computer and use it in GitHub Desktop.
Save fvclaus/98ee20cf91daf119dcd6914245bd5e21 to your computer and use it in GitHub Desktop.
Download ZIP
Use Yubikey as PIV in Firefox on Ubuntu
Raw
Yubikey as PIV in Firefox on Ubuntu.md

Install yubikey-manager

sudo apt install yubikey-manager

Check output with ykman list. If it displays output like YubiKey 5 Nano (5.4.3) [OTP+FIDO+CCID] Serial: XXXXX then proceed to the next step. If your Yubikey is not recognized, maybe the following helps: https://support.yubico.com/hc/en-us/articles/360013708900-Using-Your-U2F-YubiKey-with-Linux. If you see a warning WARNING: PC/SC not available, you need to execute sudo systemctl start pcscd.service and sudo systemctl enable pcscd.service.

Compile yubikey-piv-tool

Go here https://developers.yubico.com/yubico-piv-tool/ and compile according to instructions. Test it with yubico-piv-tool -astatus. If it displays Failed to connect to yubikey. and /var/log/syslog displays errors such as Can't claim interface 3/4: LIBUSB_ERROR_BUSY, another application might be causing problems, for me it was ausweisapp2. After uninstalling ausweisapp2 it worked fine again.

Add YKCS11 security module to Firefox

https://developers.yubico.com/yubico-piv-tool/YKCS11/Supported_applications/firefox.html

As of May 2023 the snap installation of Firefox cannot communicate with the module due to some security restriction. The current workaround is install Firefox manually. After adding the module, it should look like this: YKCS11 module loaded in Firefox. The certificates should be visible under "View Certificates > Your Certificates"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment