Installing token2 FIDO token on openSUSE Tumbleweed

05 Apr, 2025

Setting Up a Token2 FIDO2 Hardware Token on openSUSE Tumbleweed

I recently purchased a USB-C FIDO2 hardware token from Token2 to use with my openSUSE Tumbleweed installation. Unlike standard Yubikeys, this device doesn't work with the default Linux Yubikey software, so you need to build the Token2 software yourself. We'll be building libfido2, which will allow you to use your Token2 key. By the end of this guide, you'll be able to view your hardware information through a basic GUI (gui.py) or via a more useful shell script that lets you actually interact with your Token2 key.

Since the official instructions are for Ubuntu, I'll show you how to adapt them for openSUSE Tumbleweed.

Prerequisites

First, make sure you have git installed:

• sudo zypper in git
• mkdir ~/git
• cd ~/git

Download the libfido2 Git Repository

Download the build files with:

• git clone https://github.com/Token2/fido2-manage.git
• cd fido2-manage

Adapting for openSUSE Tumbleweed

The official instructions use Ubuntu's apt package manager with these commands:

• sudo apt install -y zlib1g-dev pkg-config sudo apt install -y cmake libcbor-dev libpcsclite-dev libssl-dev libudev-dev

For openSUSE, use this command instead to install the equivalent packages:

• sudo zypper in zlib1 pkg-config cmake libcbor-devel pcsc-lite-devel openssl-devel libudev

Building the Library

After zypper installs all the necessary dependencies:

• cd src (to access the source files)
• cmake -DUSE_PCSC=ON -DCMAKE_LIBRARY_PATH=/usr/lib64/ .

Note the period/full-stop at the very end of the last command - it's crucial, and the build will fail without it!

This should compile without issues and return you to the command prompt when completed.

Building the Application

We're halfway there! Now:

• cd .. (to go back up to the parent folder)
• sudo make -C . (note the period/full-stop again!)
• sudo make -C . install
• sudo ldconfig

Using the Shell Script

The file fido2-manage.sh in the current directory is a wrapper for the libfido2 library we just compiled. Make it executable:

• sudo chmod 755 fido2-manage.sh

Testing Your Setup

Stay in the current folder and type:

• ./fido2-manage.sh

This will show you a list of commands the script accepts.

Now plug in your FIDO2 key and type:

• ./fido2-manage.sh -list

Your FIDO2 key should now be visible!

Optional: Making the Script Globally Accessible

To make the script accessible from anywhere, not just the current folder:

• mkdir -p ~/bin (the -p flag ensures it won't error if the directory already exists)
• cp fido2-manage.sh ~/bin/
• chmod +x ~/bin/fido2manage.sh
• echo $PATH
• export PATH="$HOME/bin:$PATH"
• Bash users: source ~/.bashrc
• Zsh users: source ~/.zshrc
• Fish users: source ~/.fish/fish.config

Using the GUI

The GUI is basic - it only allows you to view information about the key, not modify it:

• python3 gui.py

You should now be able to choose your FIDO2 key from the drop-down menu. Enter your PIN (probably 0000), and you'll see your key's information!

#fido2 #linux #opensuse #token2 #tumbleweed