Token2 Companion App v2 User Manual


Overview

The Token2 Companion App v2 is a desktop application for managing OTP (One-Time Password), FIDO, and PIV functionalities. It allows users to add, manage, and secure authentication tokens, OTP accounts, and FIDO2 keys.


Main Interface

  • File: General operations, device settings, and device information.
  • OTP: Manage OTP accounts.
  • FIDO: Manage FIDO2 credentials and settings, including PIN and fingerprints.
  • PIV: Manage PIV settings.
  • About: Information about the app and device.


Device Information

This is the default screen displayed when you first launch the application. If you navigate away and want to return to this screen, you can access it through File > Device Information.

Device Information Screen
  • Device Image: Visual representation of the FIDO2 key.
  • Serial Number (SN): Unique identifier for the device.
  • Firmware Version: Current firmware installed on the device.
  • Connection Status: Indicates whether the device is Connected and Ready.
  • Available Applets: Lists the supported applets on the current device:
    • OpenPGP
    • FIDO2
    • OATH (TOTP/HOTP)
    • PIV


File Menu


Device Settings

Device Settings - Channels
  • CCID: Enable or disable the CCID channel.
  • HID-HOTP: Enable or disable the HID channel.
    Note: HID-HOTP is disabled by default on devices starting from Release 3.3. If you need HID-HOTP functionality (for applications such as UserLock), make sure to enable the HID channel.
  • FIDO: Enable or disable the FIDO channel.
  • Apply: Save changes to the channel settings.
Important: Disabling a channel will turn off the corresponding function on the FIDO key. Ensure that at least one channel remains active. If you encounter issues after making changes, re-enable the channel.

Using only the FIDO channel on Windows requires the application to be executed with administrative privileges.


OTP Management


OTP Accounts

OTP Accounts List
  • View OTP Accounts: Displays a list of OTP accounts with their current OTP codes.
  • OTP Display: Shows the OTP code, account name, and a progress indicator for the code's validity period.
  • Actions:
    • Copy OTP: Copy the OTP code to the clipboard.
    • Delete: Remove the OTP account.


Adding a New OTP Account

  1. Click + New OTP Account.
  2. Fill in the account details (e.g., account name, secret key). Alternatively, use the QR button to read this data from TOTP-compliant QR code images displayed on the screen.
  3. Click 'Add' to save the new OTP account.
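
What the QR button reads, as an added example (not Token2's code): TOTP QR codes conventionally encode an otpauth:// Key URI, and the code below validates one and derives the code and remaining validity that the OTP Accounts list displays, following RFC 6238. The parameter allowlist and the sample URI are assumptions constructed for illustration; how the Companion App itself handles QR data is not described in this manual.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# Assumed allowlist for illustration; check which parameters your token supports.
ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def parse_otpauth(uri):
    """Validate an otpauth://totp/ URI (the text a TOTP QR code encodes)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("missing secret")
    b32 = q["secret"].replace(" ", "").upper()
    try:
        key = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    except ValueError:
        raise ValueError("secret is not valid base32") from None
    if not key:
        raise ValueError("empty secret")
    algo = q.get("algorithm", "SHA1").upper()
    digits, period = int(q.get("digits", "6")), int(q.get("period", "30"))
    if algo not in ALGOS or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported TOTP parameters")
    return {"label": unquote(u.path.lstrip("/")), "issuer": q.get("issuer"),
            "key": key, "algorithm": algo, "digits": digits, "period": period}

def totp(acct, now=None):
    """Return (code, seconds_remaining) per RFC 6238 for a parsed account."""
    now = int(time.time() if now is None else now)
    counter = now // acct["period"]
    mac = hmac.new(acct["key"], struct.pack(">Q", counter),
                   ALGOS[acct["algorithm"]]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    code = str(value % 10 ** acct["digits"]).zfill(acct["digits"])
    return code, acct["period"] - now % acct["period"]

# Constructed sample: the RFC 6238 test secret, not a real account.
SAMPLE_URI = ("otpauth://totp/ExampleCorp:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleCorp")

if __name__ == "__main__":
    acct = parse_otpauth(SAMPLE_URI)
    code, left = totp(acct)
    print(f"{acct['label']}: {code} (valid for {left}s more)")
```

Anyone who can read the QR code or the URI holds the shared secret, so treat screenshots of enrollment QR codes like passwords.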


FIDO Management

  • FIDO Settings: Change or set up the FIDO2 PIN for authentication. Increase the minimum PIN length (managed separately for numeric and alphanumeric PINs).
    The minimum PIN length can only be increased; it cannot be decreased.
    You can also configure the device to always require user verification (always_uv), regardless of the relying party's settings.
    You can also use the "Reset FIDO" button to reset the FIDO Applet to factory settings.
    Resetting FIDO will remove all FIDO-related data, including PIN and all types of credentials (resident and non-resident).
  • Passkey Management: View or remove FIDO2 credentials stored on the device.
  • Fingerprint Management: Register or manage fingerprint authentication for FIDO2 credentials.
    You can enroll, verify, rename, or delete fingerprints.


PIV Management


PIN and PUK Management

  • Change PIN: Update the PIV PIN.
  • Change Admin PIN: Update the administrative PIN for the PIV.
  • Change PUK: Update the PUK (Personal Unblocking Key).
  • Unblock PIN: Unblock the PIV PIN if it is locked. You can unblock the PIN using the PUK or the Admin PIN.
  • Reset: Perform a full factory reset of the PIV applet. This removes all PIV credentials and resets the PIN, PUK, and Admin PIN to their default values.
    Handle with care: the reset action is irreversible.


Certificate Management

You can store up to 15 certificates on Token2 PIV-enabled devices. Certificates can be generated or imported using the PIN or Admin PIN, but they can only be used (for authentication) with the regular user PIN. The user PIN can be reset or unblocked using the PUK or Admin PIN.

  • Generate Key: Create a new key pair for a certificate.
  • Import Certificate: Import an existing certificate.
  • Export Certificate: Export a certificate to a file.
  • Delete Certificate/Key: Remove a certificate or key.
Security Notice: It is strongly recommended to change the default PIN, PUK, and Admin PIN before using the PIV applet in production. Default credentials are publicly known and pose a security risk if left unchanged.

Get the Companion App

Download the application for your platform to manage your authentication tokens.

  • Desktop
    • Windows: Latest version available for download
    • macOS: Coming soon
    • Linux: Coming soon
  • Mobile
    • Android
updated: 20/12/2025 19:51
