Native U2F
Install NuGet Packages
Before starting, add our NuGet source and install the SDK packages.
Initialize the Hardware Security SDK
To use the SDK’s functionality in your app, you need to initialize the SecurityKeyManager first.
This is the central class of the SDK, which dispatches incoming NFC and USB connections.
Perform this initialization in the OnCreate method of your Application subclass.
This ensures Security Keys are reliably dispatched by your app while in the foreground.
We start by creating a new class which extends Application as follows:
[Application]
public class HwsecurityApplication : Application
{
    public HwsecurityApplication(IntPtr handle, JniHandleOwnership ownerShip) : base(handle, ownerShip)
    {
    }

    public override void OnCreate()
    {
        base.OnCreate();

        // Initialize the SDK once for the whole app process.
        SecurityKeyManager securityKeyManager = SecurityKeyManager.Instance;
        SecurityKeyManagerConfig config = new SecurityKeyManagerConfig.Builder()
            .SetEnableDebugLogging(true) // SDK debug logging, useful during development
            .Build();
        securityKeyManager.Init(this, config);
    }
}
Register a SecurityCallback
The SecurityKeyManager provides callbacks on Security Key interaction.
If you implement your own callbacks, you can use these to interact with the Security Key.
Implementing ISecurityKeyCallback provides the method OnSecurityKeyDiscovered, which is called when a Security Key is connected over NFC or USB.
class SecurityKeyCallback : Java.Lang.Object, ISecurityKeyCallback
{
    public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
    {
        FidoSecurityKey key = (FidoSecurityKey)securityKey;
        // This method is called every time a Security Key is discovered, if the callback is registered.
    }
}
Register this callback with SecurityKeyManager.RegisterCallback() in the Activity’s OnCreate() method.
It is a good idea to do that in the Activity that should handle Security Keys.
Here is an example implementation of a MainActivity that handles FIDO U2F Security Keys:
[Activity(Label = "@string/app_name", Theme = "@style/AppTheme.NoActionBar", MainLauncher = true)]
public class MainActivity : AppCompatActivity, ISecurityKeyCallback
{
    protected override void OnCreate(Bundle savedInstanceState)
    {
        base.OnCreate(savedInstanceState);
        Xamarin.Essentials.Platform.Init(this, savedInstanceState);
        SetContentView(Resource.Layout.activity_main);

        SecurityKeyManager securityKeyManager = SecurityKeyManager.Instance;
        securityKeyManager.RegisterCallback(new FidoSecurityKeyConnectionMode(), this, this);
    }

    public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
    {
        FidoSecurityKey key = (FidoSecurityKey)securityKey;
        // This method is called every time a Security Key is discovered, when the MainActivity is open
    }
}
Perform a FIDO U2F Registration
The webservice must be registered to the Security Key.
The SDK provides the FidoRegisterRequest class for that.
To perform a registration with the Security Key, call FidoSecurityKey.RegisterAsync().
Note: Actions can only be performed on a Security Key while it is available.
public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
{
    FidoSecurityKey key = (FidoSecurityKey)securityKey;
    string fidoAppId = "https://fido-login.example.com";
    string fidoFacetId = FidoFacetIdUtil.GetFacetIdForApp(this);

    // 16 bytes random challenge, drawn from the platform CSPRNG
    byte[] challengeBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(challengeBytes);
    }
    string registerChallenge = WebsafeBase64.EncodeToString(challengeBytes);

    FidoRegisterRequest registerRequest = FidoRegisterRequest.Create(fidoAppId, fidoFacetId, registerChallenge);
    // callback is your IFidoRegisterCallback implementation
    key.RegisterAsync(registerRequest, callback, lifecycleOwner);
}
By implementing IFidoRegisterCallback, you can provide a callback that is called with the result of the operation.
Perform a FIDO U2F Authentication
Performing a FIDO U2F authentication is similar to the registration.
The FidoAuthenticateRequest class is provided for that.
The authentication is performed with FidoSecurityKey.AuthenticateAsync().
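public void OnSecurityKeyDiscovered(Java.Lang.Object securityKey)
{
    FidoSecurityKey key = (FidoSecurityKey)securityKey;
    string fidoAppId = "https://fido-login.example.com";
    string fidoFacetId = FidoFacetIdUtil.GetFacetIdForApp(this);

    // 16 bytes random challenge, drawn from the platform CSPRNG
    byte[] challengeBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(challengeBytes);
    }
    string authChallenge = WebsafeBase64.EncodeToString(challengeBytes);

    // registeredKeyHandle is the key handle returned by the earlier registration
    FidoAuthenticateRequest authenticateRequest = FidoAuthenticateRequest.Create(fidoAppId, fidoFacetId, authChallenge, registeredKeyHandle);
    // callback is your IFidoAuthenticateCallback implementation
    key.AuthenticateAsync(authenticateRequest, callback, lifecycleOwner);
}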
By implementing IFidoAuthenticateCallback, you can provide a callback that is called with the result of the operation.
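The registration and authentication snippets above create the challenge inside the app. In FIDO U2F the challenge comes from the relying party, which later checks that the signed response carries the same value. The following is an added example, not code from the SDK or from the original page, showing that service-side bookkeeping with only the .NET base class library. The names U2fChallengeStore, Issue, Consume and sessionId and the two-minute lifetime are assumptions; it also assumes unpadded websafe base64 and that the caller has already extracted the challenge string from the response.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of the Hardware Security SDK.
public sealed class U2fChallengeStore
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(2); // assumed validity window

    private readonly ConcurrentDictionary<string, (byte[] Challenge, DateTime ExpiresUtc)> pending =
        new ConcurrentDictionary<string, (byte[] Challenge, DateTime ExpiresUtc)>();

    // Issue a fresh 16-byte challenge for one session and return it websafe-base64 encoded.
    public string Issue(string sessionId)
    {
        byte[] challenge = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(challenge);
        }
        pending[sessionId] = (challenge, DateTime.UtcNow + Lifetime); // replaces any older challenge
        return ToWebsafeBase64(challenge);
    }

    // Accept the returned challenge at most once, and only before it expires.
    public bool Consume(string sessionId, string returnedChallenge)
    {
        if (!pending.TryRemove(sessionId, out var entry)) return false; // unknown or already used
        if (DateTime.UtcNow > entry.ExpiresUtc) return false;           // too old
        byte[] expected = Encoding.ASCII.GetBytes(ToWebsafeBase64(entry.Challenge));
        byte[] actual = Encoding.ASCII.GetBytes(returnedChallenge ?? string.Empty);
        return FixedTimeEquals(expected, actual);
    }

    // URL-safe base64 alphabet without '=' padding.
    public static string ToWebsafeBase64(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Compare without stopping at the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Removing the entry before checking it means a replayed or expired response fails even if the same challenge string is presented again.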
Congratulations!
That’s all! If you have any questions, don’t hesitate to contact us: