Using Token2 FIDO2 keys under Linux

Although many modern versions of Linux have native support for FIDO2 USB keys, quite a lot still do not support them out of the box. The reason is that, by default, USB dongles can't be accessed by users, for security reasons. To allow user access, so-called "udev rules" must be installed.

It is quite easy to fix this: manually, create a file like 70-token2-access.rules under your /etc/udev/rules.d directory with the following content

# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"

# Key-ID FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="349e", ATTRS{idProduct}=="0010", TAG+="uaccess"

LABEL="u2f_end"


Additionally, run the following command after you create this file (it is not necessary to do this again in the future):

sudo udevadm control --reload-rules && sudo udevadm trigger

Hardware IDs

The IDs shown in the code above are  given as an example only. Follow the instructions below to find the ID values of other security key models.

For use with some applications, such as security software, you may need to know the USB product ID (PID) of the FIDO security key you have. You can use the steps below to find the USB PID of your device.

Windows

  1. Open Devices and Printers in the Control Panel.
  2. Right-click on the icon for the FIDO Security key  and choose Properties.
  3. Click on the Hardware tab.
  4. Click on Properties button
  5. Click on Details tab.
  6. Change Property drop down to Hardware IDs.
  7. You will see the PID listed.

Linux

  1. Open Terminal.
  2. Run: lsusb | grep -i FIDO
  3. You will see pairs of VendorID:ProductID listed.

macOS

  1. Open System Report (Apple Menu > About This Mac > System Report).
  2. Navigate to Hardware > USB.
  3. Select the FIDO key.
  4. See the Product ID below.

VID/PID Table

The vendor identification and product identification (VID/PID) data for the latest FIDO2 products from Token2 products is shown in the table below:

 

Model

VID

PID1

(for FIDO)

PID2

(for OTP on FIDO)

PID3

(for FIDO+ OTP)

USB only

0x349E

0x0010

0x0011

0x0012

USB+NFC

0x349E

0x0020

0x0021

0x0022

USB+Fingerprint

0x349E

0x0200

0x0201

0x0202