A normal FIDO user performs various operations using skfsclient, such as registration, authentication, authorization, getting key information, updating key information, and deleting keys.
Open a terminal window.
Change to the directory where skfsclient.jar is present.
shell> cd /usr/local/strongkey/skfsclient
shell> java -jar skfsclient.jar
Output
$ example:~/skfsclient> java -jar skfsclient.jar
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.
Command: R (registration) | A (authentication) | G (getkeysinfo) | U (updatekeyinfo) | D (deregister)
java -jar skfsclient.jar R <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <username> <origin> <crossorigin>
java -jar skfsclient.jar A <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <username> <origin> <authcounter> <crossorigin> <saml>
java -jar skfsclient.jar AZ <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <username> <txid> <txpayload> <origin> <authcounter> <crossorigin> <verify>
java -jar skfsclient.jar G <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <username>
java -jar skfsclient.jar U <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <random-id> <displayname> <status>
java -jar skfsclient.jar D <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <random-id>
Here is a brief description of each argument used with skfsclient:
Value | Explanation |
---|---|
did | Unique domain identifier that belongs to SKCE |
hostport | Host and port to access the FIDO SOAP and REST formats: http://<FQDN>:<non-ssl-portnumber> or https://<FQDN>:<ssl-portnumber>. Example: https://fidodemo.strongauth.com:8181 |
wsprotocol | Web socket protocol: [ REST \| SOAP ] |
authtype | Authentication type: [ HMAC \| PASSWORD ] |
accesskey | Access key for use in identifying a secret key. |
secretkey | Secret key for HMACing a request. |
svcusername | Username used for PASSWORD-based authorization. |
svcpassword | Password used for PASSWORD-based authorization. |
username | Username for registration, authentication, or getkeysinfo. |
origin | Origin to be used by the FIDO Client Simulator. |
txid | Whole number decided by the RP to uniquely identify the transaction. |
txpayload | The transaction quotation marks. |
authcounter | Authorization counter to be used by the FIDO Client Simulator. |
verify | Whether or not the client should verify the signature sent by the FIDO2 server as a response: [ true/yes \| false/no ] |
random-id | String associated with a specific FIDO credential registered to a specific user. This is needed to perform actions on the key, such as deactivate, activate, and de-register. RandomIDs can be obtained by using the G option. |
crossorigin | Boolean that determines whether client data allows crossorigin; used by the FIDO Client Simulator. |
status | Active/Inactive. Status to set the FIDO credential or policy to. |
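The following wrapper is an added example, not part of skfsclient or the StrongKey distribution: it checks an argument list against the usage synopsis and the table above before invoking the jar. The function names `skfs_check` and `skfs` are hypothetical, and refusing PASSWORD over plain http:// is this example's own policy rather than a rule skfsclient enforces.

```shell
# Added example (not StrongKey code): validate skfsclient arguments first.
skfs_check() {
    [ "$#" -ge 5 ] || { echo "need: <cmd> <hostport> <did> <wsprotocol> <authtype> ..." >&2; return 2; }
    cmd=$1 hostport=$2 did=$3 wsprotocol=$4 authtype=$5
    shift 5
    # Arguments expected after <authtype>: two credential fields plus the
    # command-specific ones shown in the usage output.
    case $cmd in
        R|U) want=5 ;;
        A)   want=7 ;;
        AZ)  want=9 ;;
        G|D) want=3 ;;
        *)   echo "unknown command: $cmd" >&2; return 2 ;;
    esac
    [ "$#" -eq "$want" ] || { echo "$cmd takes $want arguments after <authtype>, got $#" >&2; return 2; }
    printf '%s\n' "$hostport" | grep -Eq '^https?://[A-Za-z0-9.-]+:[0-9]+$' ||
        { echo "hostport must be http(s)://<FQDN>:<port>" >&2; return 2; }
    [ -n "$did" ] || { echo "did is empty" >&2; return 2; }
    case $wsprotocol in REST|SOAP) ;; *) echo "wsprotocol must be REST or SOAP" >&2; return 2 ;; esac
    case $authtype in HMAC|PASSWORD) ;; *) echo "authtype must be HMAC or PASSWORD" >&2; return 2 ;; esac
    # Policy of this example only: with PASSWORD the service password is
    # presented to the server, so refuse it over an unencrypted hostport.
    case $authtype:$hostport in
        PASSWORD:http://*) echo "refusing PASSWORD authtype over http://" >&2; return 3 ;;
    esac
    # After the shift: U has <status> in $5; AZ has <txid> in $4, <verify> in $9.
    case $cmd in
        U)  case $5 in Active|Inactive) ;; *) echo "status must be Active or Inactive" >&2; return 2 ;; esac ;;
        AZ) case $4 in ''|*[!0-9]*) echo "txid must be a whole number" >&2; return 2 ;; esac
            case $9 in true|yes|false|no) ;; *) echo "verify must be true/yes or false/no" >&2; return 2 ;; esac ;;
    esac
    return 0
}

# Run skfsclient only when the arguments pass the check.
skfs() {
    skfs_check "$@" && java -jar skfsclient.jar "$@"
}
```

The credential arguments still appear in shell history and in the process list while the jar runs, so use this from an account and host where that exposure is acceptable.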
The current defaults for HMAC- and PASSWORD-based authentication are as follows:
HMAC
PASSWORD