Tamir Suliman 102718c747 Fix #9 - remove fixed 256-char buffers in ListView population
wcscpy_s into a 256-char stack buffer crashes via the invalid
parameter handler if a credential ID, fingerprint data, or device
info value exceeds 255 characters. FIDO2 credential IDs are binary
blobs encoded as hex or base64 and can easily exceed this limit.

Dropped the intermediate nameBuffer/valueBuffer in PopulateListView
and indexBuffer/dataBuffer in FingerprintDialogProc. Assigned
const_cast<LPWSTR>(str.c_str()) directly to lvItem.pszText instead,
which is safe because SendMessage(LVM_INSERTITEM/LVM_SETITEM) is
synchronous and copies the text before returning. This is the same
pattern already used correctly in PopulatePasskeysList.

Fixes #9
2026-06-06 13:46:33 +02:00
2024-11-30 20:08:18 +01:00
2024-11-30 20:08:18 +01:00
2024-11-30 20:08:18 +01:00
2024-11-30 20:08:18 +01:00
2024-11-30 19:38:00 +01:00
2024-12-01 13:23:46 +01:00
2024-12-03 09:03:10 +01:00
2024-11-30 20:08:18 +01:00
2024-11-30 20:08:18 +01:00
2024-12-01 13:12:11 +01:00
2024-12-01 13:11:48 +01:00
2024-12-01 13:23:46 +01:00

FIDO2 Token Management Tool (C++ Version)

Note


This tool is a complete rewrite of our PowerShell-based FIDO2 management tool, designed to address reliability and compatibility issues stemming from frequent antivirus false positives associated with PowerShell executables. While the new tool is harder to compile due to its C++ codebase, it offers significant improvements in performance, security, and user experience.

Overview

The FIDO2 Token Management Tool (fido2-manage.exe) is a lightweight, standalone application for managing FIDO2 authentication tokens. Built with C++, this tool leverages the power and efficiency of a compiled binary while maintaining the user-centric functionality of the original tool.

image

This new implementation directly integrates with the libfido2 library, providing seamless access to advanced token management features without the need for external scripting environments.

Why the Rewrite?

The decision to rewrite the tool in C++ was driven by the following challenges and objectives:

1. Antivirus Compatibility

  • PowerShell-based executables often trigger false positives from antivirus software, leading to unnecessary disruptions for users.
  • A compiled C++ binary significantly reduces the likelihood of such false positives, ensuring smoother deployments.

2. Performance and Efficiency

  • C++ provides a faster runtime and lower memory footprint compared to PowerShell.
  • This improvement is especially noticeable in environments where multiple tokens are being managed concurrently.

3. Enhanced Security

  • Eliminating dependencies on PowerShell mitigates potential vulnerabilities tied to scripting environments.
  • The released exe files are signed with the Token2 Code Signing certificate, further enhancing trust and security.

Key Features

  • Reliable Execution: Minimizes antivirus-related disruptions.
  • User-Friendly Interface: Retains human-readable device names and intuitive operation.
  • Efficient PIN Management: Supports secure PIN input directly via the command line.
  • Standalone Operation: Requires no additional scripting environments or runtime installations.

Getting Started

Prerequisites

  • Windows operating system
  • FIDO2 authentication device

Installation

  1. Download the latest release package .
  2. Place the executable in a directory of your choice.
  3. Ensure the tool is launched with administrative privileges for full functionality.

Usage

Run the executable from the command line with the desired arguments or launch FIDO2.1Manager.exe to launch the GUI. Command line parameters are described on this page: https://www.token2.com/site/page/fido2-1-security-key-management-tool-gui-for-fido2-manage-exe

S
Description
No description provided
Readme MIT 2 MiB
Languages
C++ 94.5%
C 5.5%