I finally received the SoloKeys open source FIDO2 U2F security keys I ordered via their KickStarter last year.

They’re little USB devices that you stick into your computer to act as a physical second factor when authenticating to websites (or, potentially, other software). Instead of typing in a code received via SMS or from an authenticator application, you press a button on the device and it cryptographically identifies itself.

That’s the theory, anyway.

SoloKeys on table

Current versions of Firefox and Chrome support U2F via USB, but when I tried pressing the button, nothing happened.

By referring to instructions for a different brand of U2F key, I was able to fix the problem.

First, I needed the USB vendor and product IDs. You can find this by watching the output of dmesg when you plug the key in:

> dmesg -w

You’re looking for something like this:

[600865.652954] usb 1-1.2: USB disconnect, device number 36
[600870.137023] usb 1-1.2: new full-speed USB device number 37 using xhci_hcd
[600870.254772] usb 1-1.2: New USB device found, idVendor=0483, idProduct=a2ca, bcdDevice= 1.00
[600870.254780] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[600870.254785] usb 1-1.2: Product: Solo 2.3.0
[600870.254790] usb 1-1.2: Manufacturer: SoloKeys
[600870.254793] usb 1-1.2: SerialNumber: 208532B1304B
[600870.265170] hid-generic 0003:0483:A2CA.001D: hiddev0,hidraw3: USB HID v1.11 Device [SoloKeys Solo 2.3.0] on usb-0000:00:14.0-1.2/input0

In this case, and the case of both Solo and Solo Tap, the magic numbers are 0483 for the vendor ID, and a2ca for the product ID.

Next, add a udev configuration file. As in the article above, I put mine in /etc/udev/rules.d/70-u2f.rules:

ACTION!="add|change", GOTO="u2f_end"

# SoloKeys
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"

LABEL="u2f_end"

Finally, reload the udev rules:

> sudo udevadm control --reload-rules

You can now use your Solo key as a second factor with Google, Dropbox, Gandi, etc.; there’s a useful website that lists the various sites supporting U2F.

If, however, you want to use it with GitHub, you’ll have to do some fiddling, because despite the fact that Firefox supports U2F, GitHub is doing some old-school user agent sniffing to say it doesn’t! You can work around this by spoofing your user agent when adding the keys.