Shreyank <[email protected]>: Jul 30 04:36AM -0700
Hi,
I’m working with a *Bluetooth Low Energy (BLE)*-based security key built
using an STM32 module, which supports *FIDO2 CTAP 2.1*. On Windows 11, I’ve
been managing credentials—like setting a PIN, enrolling a fingerprint, or
resetting the key—through:
*Settings → Accounts → Sign-in options → Security key → Manage.*
However, recently, this functionality has stopped working. When I click any
button within the Windows Hello setup (e.g., to set PIN or fingerprint),
the UI crashes immediately.
Due to this and some other limitations, I’m planning to move away from
Windows. Unfortunately, Linux or macOS are not viable options for my use
case. Although I am interested to see if any app exists on those platforms
also. So, I’m left with *Android* as the only platform I can use for
managing the security key.
Here's the challenge:
I haven’t been able to find *any Android app (open-source or commercial)*—on
the Play Store or elsewhere—that allows FIDO credential management (e.g.,
set/reset PIN, fingerprint enrollment, etc.) for external BLE-based
security keys.
My current understanding is that Android may *block communication with
certain FIDO-related BLE UUIDs*, likely for security or platform policy
reasons. The source code of Android also suggests something similar; click
here
<https://android.googlesource.com/platform/packages/apps/Bluetooth/%2B/6f7f9bbf46acaaf266537256da4d0345909ea1c4/src/com/android/bluetooth/gatt/GattService.java#:~:text=(currSrvc);-,isRestrictedSrvc%20=,isFidoSrvcUuid(el.uuid),-%7C%7C%20isAndroidTvRemoteSrvcUuid(>.
So, my question is:
*Is it possible to interact with FIDO BLE services from a third-party
Android app without rooting the device or installing a custom ROM?*
If yes, are there any workarounds or libraries available?
I’d greatly appreciate any insights or guidance. If there are any low-level
technical approaches, APIs, or code examples that could help build a custom
solution, I'd be more than happy to explore them.
Thank you!
Best regards,
*Shreyank R. B.*
|
My1 <[email protected]>: Jul 31 12:16AM +0200
Last time I checked they even axed the general use of BLE on Android with
their update that enabled CTAP2 interactions (like PIN and RKs and stuff)
over USB. Like, I don't even get the choice of using BLE even if the
transaction only involves U2F-style elements.
|
John Bradley <[email protected]>: Jul 30 05:07PM -0700
Microsoft is aware of the regression for managing all security keys. I am told they are trying to get a fix out as soon as possible.
Over USB there are tools that you could use in admin mode. For BLE I would check with the authenticator manufacturer. Good luck.
|
Alex Seigler <[email protected]>: Jul 31 12:50AM
Would this regression mentioned have anything to do with the credential id coming from the server having invalid base64 encoding? I sure hope so. That's been busted since mid-November 2024.
-aseigler
Subject: Re: [FIDO-DEV] Support for FIDO CTAP 2.1 BLE Security Key Credential Management on Android
|