Xamarin.Android C# Preview

Xamarin.Android exposes the complete Android SDK for .NET developers. It can be used to build fully native Android apps using C# in Visual Studio.

We provide early access to a Xamarin-ready release of the FIDO U2F parts of our Hardware Security SDK.

Future Plans

If there is enough demand for the Xamarin version, we will prioritize its development. Please contact us if you are working on a C# project. Based on the requirements, we will then work on the following tasks:

  • Support user interface components, especially FidoDialogFragment
  • Automatic updates via NuGet repository and package
  • Support other protocols besides FIDO

FIDO U2F Guide

Xamarin Preview on Github: Get Preview on Github

Import Hardware Security SDK

We provide C# bindings for our SDK:

Download and add them as reference to your project. Keep in mind that the hwsecurity_fido_util.dll is not required. It only provides local validation classes for testing purposes.

Install missing NuGet packets

  • Xamarin.Android.Support.Constraint.Layout
  • Xamarin.JakeWharton.Timber

Add AndroidDexTool d8 to your Project

Add the following line to the <Projectname>.csproj. This made Java 8 language features available, which is a dependency.

<AndroidDexTool>d8</AndroidDexTool>

Initialize Security Key Manager

Create an Application subclass. The SecurityKeyManager should be initialized here. It is the central class of the SDK, which dispatches incoming NFC and USB connections. In further uses, the SecurityKeyManager.Instance is the proper way to get the singleton.

[Application]
public class HWSecurityApplication : Application
{
    public HWSecurityApplication(IntPtr handle, JniHandleOwnership ownerShip) : base(handle, ownerShip)
    {
    }

    public override void OnCreate()
    {
        // If OnCreate is overridden, the overridden c'tor will also be called.
        base.OnCreate();

        SecurityKeyManager securityKeyManager = SecurityKeyManager.Instance;
        SecurityKeyManagerConfig config = new SecurityKeyManagerConfig.Builder()
            .SetEnableDebugLogging(true)
            .Build();

        securityKeyManager.Init(this, config);
    }
}

Register a SecurityCallback

The SecurityKeyManager provides callbacks on Security Key interaction. If you implement your own callbacks you can use these and interact with the Security Key. Implementing ISecurityKeyCallback provides the method OnSecurityKeyDiscovered that will be called when the a Security Key is connected over NFC or USB.

class SecurityKeyCallback : Java.Lang.Object, ISecurityKeyCallback
{
    public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
    {
      FidoSecurityKey key = (FidoSecurityKey)securityKey;
      // This method is call every time a Security Key is discovered if the callback is registered.
    }
}

Register this callback by SecurityKeyManager.RegisterCallback() in the Activity’s onCreate() method.

It is a good idea to do that in the Activity that should handle Security Keys. Here is an example implementation of a MainActivity that handles FIDO U2F Security Keys:

[Activity(Label = "@string/app_name", Theme = "@style/AppTheme.NoActionBar", MainLauncher = true)]
public class MainActivity : AppCompatActivity, ISecurityKeyCallback
{

    protected override void OnCreate(Bundle savedInstanceState)
    {
        base.OnCreate(savedInstanceState);
        Xamarin.Essentials.Platform.Init(this, savedInstanceState);
        SetContentView(Resource.Layout.activity_main);

        SecurityKeyManager securityKeyManager = SecurityKeyManager.Instance;
        securityKeyManager.RegisterCallback(new FidoSecurityKeyConnectionMode(), this, this);
    }

    public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
    {
        FidoSecurityKey key = (FidoSecurityKey)securityKey;
        // This method is called every time a Security Key is discovered, when the MainActivity is open
    }
}

Perform a FIDO U2F Registration

The webservice must be registered to the Security Key. The SDK provides the FidoRegisterRequest class for that. To perform a registration with the Security Key, call FidoSecurityKey.RegisterAsync().

Note: Performing actions on Security Keys is only possible if it is available.

public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
{
    FidoSecurityKey key = (FidoSecurityKey)securityKey;

    string fidoAppId = "https://fido-login.example.com";
    string fidoFacetId = FidoFacetIdUtil.GetFacetIdForApp(this);
    byte[] challengeBytes = ... // 16 bytes random challenge
    string registerChallenge = WebsafeBase64.EncodeToString(challengeBytes);
    FidoRegisterRequest registerRequest = FidoRegisterRequest.Create(fidoAppId, fidoFacetId, registerChallenge);

    key.RegisterAsync(registerRequest, callback, lifecycleOwner);
}

By implementing IFidoRegisterCallback a callback can be implemented that is called on the result of the operation.

Perform a FIDO U2F Authentication

Perform a FIDO U2F Authentication is similar to the registration. FidoAuthenticateRequest class is provided for that. The authentication is performed with FidoSecurityKey.AuthenticateAsync().

public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
{
    FidoSecurityKey key = (FidoSecurityKey)securityKey;
    
    string fidoAppId = "https://fido-login.example.com";
    string fidoFacetId = FidoFacetIdUtil.GetFacetIdForApp(this);
    byte[] challengeBytes = ... // 16 bytes random challenge
    string authChallenge = WebsafeBase64.EncodeToString(challengeBytes);
    FidoAuthenticateRequest authenticateRequest = FidoAuthenticateRequest.Create(fidoAppId, fidoFacetId, authChallenge, registeredKeyHandle);

    key.AuthenticateAsync(authenticateRequest, callback, lifecycleOwner);
}

By implementing IFidoAuthenticateCallback a callback can be implemented that is called on the result of the operation.

Full example

A full example is provided in a GitHub repository. Consult it to fully understand the SDK usage.

Get Preview on Github