From 3a3a39cd5ff44620f1c791e3bf09f8e78a43acaa Mon Sep 17 00:00:00 2001 From: Piotr Bartman Date: Mon, 29 May 2023 23:58:24 +0200 Subject: [PATCH] migration to fido2: backward compatible policies names --- user/security-in-qubes/ctap-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/security-in-qubes/ctap-proxy.md b/user/security-in-qubes/ctap-proxy.md index 59e65f32..92e127dc 100644 --- a/user/security-in-qubes/ctap-proxy.md +++ b/user/security-in-qubes/ctap-proxy.md @@ -111,10 +111,10 @@ If your `twitter` qube makes an authentication request for your bank website, it To enable this, create a file in dom0 named `/etc/qubes/policy.d/30-user-ctapproxy.policy` with the following content: ``` -policy.RegisterArgument +ctap.GetAssertion sys-usb @anyvm allow target=dom0 +policy.RegisterArgument +u2f.Authenticate sys-usb @anyvm allow target=dom0 ``` -Next, empty the contents of `/etc/qubes-rpc/policy/ctap.GetAssertion` so that it is a blank file. +Next, empty the contents of `/etc/qubes-rpc/policy/u2f.Authenticate` so that it is a blank file. Do not delete the file itself. (If you do, the default file will be recreated the next time you update, so it will no longer be empty.) Finally, follow your web application's instructions to enroll your token and use it as usual. (This enrollment process depends on the web application and is in no way specific to Qubes CTAP.)
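Review bot: The replacement policy line and the "Next, empty the contents of" sentence now name `u2f.Authenticate`, while the page, the policy file name `30-user-ctapproxy.policy` and the closing "Qubes CTAP" still say CTAP, and nothing in the text tells the reader why a `u2f.*` service name appears in a CTAP proxy guide. Add one sentence after the policy block stating that the `u2f.Authenticate` name is kept for backward compatibility, as the commit subject says. The previous text had readers register `+ctap.GetAssertion` and blank `/etc/qubes-rpc/policy/ctap.GetAssertion`; please also say whether users who followed those steps need to repeat them with the new name, so it is clear whether their existing restriction still applies.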