Feitian ePass NFC security hardware token: Smart Card preparation



The Feitian ePass FIDO NFC is a cheap (compared to Yubikeys) hardware security token available for about 15€.

It comes with U2F only by default, but it's actually possible to use it as a Java Smart Card, and store secrets on it.


The package is cheap, and the documentation is lacking.




Other people have already talked about it: the Feitian ePass is easy to use with U2F, but documentation is sorely lacking.

Feitian indicate on their website that this key is supposed to support FIDO U2F, HOTP, GIDS, CCID, and Java Smart Card, but as I said above, only U2F is enabled out of the box.

Enabling the Smart Card

After looking around on their website for some time, I was able to find a pdf describing how to enable all these features.

It's pretty easy to follow, but here are the essentials:

First you have to use their ePass-FIDO-NFC OTP Tool to enable the CCID mode.

Enabling CCID

Since all the modes can work in parallel, I enabled them all (U2F, CCID, and OTP).

Then you have to initialize the Smart Card with the Gids Card Initialization Tool.

Initializing GIDS

No, that's not my PIN. (...or is it?)

And voilà! You now have a brand new Smart Card!

Side notes

U2F in the browser

As I understand, most if not all browsers are U2F capable, but not all have it enabled by default. It works out of the box with Chrome (which is unsurprising since U2F has been developed by Google), but not within Firefox.

To enable it within Firefox, you have to access about:config and set security.webauth.u2f to true.

You can then test it on https://u2fdemo.darkpan.com or https://u2fdemo.appspot.com (via your Google account).

U2F via NFC

U2F works out of the box with NFC.

You just need to install the Google authenticator app to intercept the browser's request for U2F, and use Chrome as your browser.

Also, the NFC of the key is not very sensitive, so be careful to put the key exactly on the NFC zone of your phone. On my OnePlus 5, it's right on the camera.

Using NFC not just for U2F

I'm not completely sure which modes are available with NFC.

I would like to use the Smart Card capabilities on my phone to access my certificate, but I'm not even sure whether that's possible...

Since it's a Java Smart Card, I should be able to add some applets?

If you have more information, please let me know!


Formatting cheat sheet.
The current page url links to a specific comment.
The comment is shown highlighted below in context.

    JavaScript is required to see the comments. Sorry...