LinuxCommandLibrary

fido2-token

TLDR

List connected tokens

$ fido2-token -L
copy
Get token info
$ fido2-token -I [/dev/hidraw0]
copy
Set PIN
$ fido2-token -S [/dev/hidraw0]
copy
Change PIN
$ fido2-token -C [/dev/hidraw0]
copy
Reset token
$ fido2-token -R [/dev/hidraw0]
copy
List resident credentials
$ fido2-token -L -r [/dev/hidraw0]
copy

SYNOPSIS

fido2-token [options] [device]

DESCRIPTION

fido2-token manages FIDO2/WebAuthn security keys. It can list, configure, and reset hardware tokens like YubiKeys, SoloKeys, and other FIDO2 authenticators.
The tool is part of libfido2 and provides command-line access to token management functions typically accessed through browser WebAuthn APIs.

PARAMETERS

-L

List connected tokens.
-I device
Get device information.
-S device
Set new PIN.
-C device
Change existing PIN.
-R device
Reset device (dangerous).
-r
With -L, list resident credentials.
-b
With -L, list biometric templates.
-c
Blob (largeBlob) operations.
-d
Debug output.

DEVICE PATH

Tokens appear as HID devices:
- Linux: /dev/hidraw*
- macOS: ioreg device path

CAVEATS

Requires appropriate permissions (udev rules on Linux). Reset destroys all credentials on device. PIN operations may lock out token after too many failures. Not all tokens support all features.

HISTORY

fido2-token is part of libfido2, developed by Yubico and first released around 2019. It provides open-source tooling for the FIDO2 standard, which succeeded U2F for strong authentication.

SEE ALSO

fido2-cred(1), fido2-assert(1), ykman(1)

Copied to clipboard