peculiarventures / fortify-tools

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the "Tool" application used in the Fortify desktop application.

Home Page: https://tools.fortifyapp.com

License: MIT License

JavaScript 98.36% HTML 1.64%

fortify-tools's People

Contributors

dependabot[bot], donskov, gatzec, microshine, pkix, rmhrisk, severo

fortify-tools's Issues

Add `extractable` checkbox

The WebCrypto API allows generating keys with the extractable parameter. We need a UI checkbox for this parameter.

Add new FAQs to the Fortify web page

What are the privacy implications of using Fortify?
Websites that you visit will be able to discover that you are running Fortify, and this might be useful when combined with other information your browser leaks to track you on the web. These websites will not be able to tell what certificates or smart cards you have unless you authorize them.

Once you authorize a website, it will be able to see what certificates you have; with that information it may be able to infer other information about you. For example, if your certificates contain your legal name, it will have access to that information, or if you have a national ID card with a certificate, it may be able to infer your citizenship.

What are the security implications of using Fortify?
We have gone out of our way to try to make Fortify a secure solution. We do believe the solution is well designed and resilient, but to err is human, so we expect to have security issues to resolve in the future.

With that said, the nature of the feature goals of Fortify requires it to enable websites to interact with the X.509 certificates and their associated cryptographic keys. This means that when you grant these websites access to use Fortify, they will have an opportunity to use those certificates and keys.

For smart cards, Fortify will only let you use certificates that require a PIN on use; it also has a unique session to the smart card per website, so you will be prompted for use.

For software-protected keys, however, if the software implementation does not require a prompt or PIN on use, the website will be able to use the associated key without explicit consent.

You should also be mindful that if a website uses Fortify, any third-party origins the website incorporates will also be able to use Fortify.

How do I decide what websites I should let use Fortify?
You should only let websites that you trust use Fortify; this is because they may be able to track you (like a cookie) and potentially trick you into signing something with a cryptographic key you control.

Add tests

  • Sidebar component
  • Add Table component
  • CertificateName component
  • CertificateSerialNumber component
  • CertificateTypeLabel component
  • CertificateViewerDialog component
  • CertificatesList component
  • CertificatesProvidersList component
  • Date component

Yubikey provider not being recognized?

I'm new to fortify & yubikey tooling; and exploring the capabilities of this application. Here's what I've done so far.

I have tested the yubikey and it appears to work correctly. I have also run yubikey-piv-tool and am able to read certificates, i.e. yubico-piv-tool -s 9(a|c|d) --action read-certificate, and it comes back with the certificates. Yubikey Manager appears to be functioning correctly.

When I launch the Fortify Tools, the only providers that show up are Mac Crypto & NSS Certificate DB. The Yubikey provider does not show up. I have tested this with Firefox & Chrome, with the same results.

I looked into the ~/.fortify/config.json. Everything looks vanilla.
In ~/.fortify/card.json; I see

{
  "id": "993988460d8f49a2ac519a2935f00533",
  "name": "YubiKey",
  "file": {
    "osx": "/usr/local/lib/libykcs11.dylib",
    "linux": "/usr/local/lib/libykcs11.so",
    "windows": "%WINDIR/System32/libykcs11-1.dll"
  }
},

I've confirmed that the dylib is in the matching location:

$ ls -talr /usr/local/lib/libykcs11.dylib
lrwxr-xr-x 1 root wheel 17 Jul 3 17:15 /usr/local/lib/libykcs11.dylib -> libykcs11.2.dylib

Any idea on next steps to look at to try to figure out why the Yubikey provider is not showing up? I've tried to follow all the documentation/postings I could find to debug; what am I doing wrong?

Add support for Spanish National Identification Card (DNIe)

Reader name: C3PO USB SMART CARD READER 0
ATR: 3B7F960000006A444E4965200101550410039000

{
  "cards": [{
    "atr": "3B7F960000006A444E4965200101550410039000",
    "name": "Token name",
    "driver": "F87A559DAFC9D182D9114BFDF7158E986F34B8C8"
  }],
  "drivers": [{
    "id": "F87A559DAFC9D182D9114BFDF7158E986F34B8C8",
    "name": "Driver name",
    "file": {
      "windows": "path/to/pkcs11.dll",
      "osx": "path/to/pkcs11.dylib"
    }
  }]
}

Smart card ATR parsing 3B7F960000006A444E4965200101550410039000

Impossible to skip PIN entering

The application shows a PIN dialog if the token requires login. When the Cancel button is clicked, it prompts for PIN entry again and again.

Add support for '3bdf18008131fe580031b964050e010073b401d300000022' token

Reader name: Gemalto USB Smart Card Reader 0
ATR: 3BDF18008131FE580031B964050E010073B401D300000022

{
  "cards": [{
    "atr": "3BDF18008131FE580031B964050E010073B401D300000022",
    "name": "Slovak eID",
    "readOnly": true,
    "driver": "39798896FC5DD6E2A96989718F694334275E0EAC"
  }],
  "drivers": [{
    "id": "39798896FC5DD6E2A96989718F694334275E0EAC",
    "name": "Slovak eID",
    "file": {
      "windows": {
        "x86": "%PROGRAMFILES(X86)/eID klient/pkcs11_x64.dll",
        "x64": "%PROGRAMFILES(X86)/eID klient/pkcs11_x86.dll"
      },
      "linux": {
        "x86": "/usr/lib/eidklient/libpkcs11_sig_x64.so",
        "x64": "/usr/lib/eidklient/libpkcs11_sig_x86.so"
      },
      "osx": "/Applications/eIDklient.app/Contents/Pkcs11/libPkcs11.dylib"
    }
  }]
}

Smart card ATR parsing 3BDF18008131FE580031B964050E010073B401D300000022

Update certificate creation logic

PVPKCS11, which uses minidrivers for smart cards, cannot import a certificate to a token without a private key. We need to add the cert to the token in the following order:

  • set private key
  • set public key (optional)
  • set certificate

ERROR: providers.where(...).get is not a function

config.json

Without $HOME/.pki/nssdb it works without error

{
  "locale": "en",
  "providers": [
    {
      "lib": "/usr/local/lib/softhsm/libsofthsm2.so",
      "slots": [
        0
      ]
    },
    {
      "lib": "/usr/local/opt/nss/lib/libsoftokn3.dylib",
      "slots": [
        1
      ],
      "libraryParameters": "configdir='/Users/microshine/tmp/nss' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='NSS#0' dbTokenDescription='NSS#1' cryptoTokenDescription='NSS#2' tokenDescription='NSS#3' "
    },
    {
      "lib": "/usr/local/opt/nss/lib/libsoftokn3.dylib",
      "slots": [
        1
      ],
      "libraryParameters": "configdir='$HOME/.pki/nssdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='NSS#0' dbTokenDescription='NSS default'"
    }
  ],
  "logging": true
}

Error

error.js:78 ERROR MESSAGE: TypeError: providers.where(...).get is not a function
    at providerSelect$ (index.js:406)
    at tryCatch (runtime.js:65)
    at Generator.invoke [as _invoke] (runtime.js:303)
    at Generator.prototype.(:3000/certificate/anonymous function) [as next] (webpack:///./~/babel-polyfill/~/regenerator-runtime/runtime.js?:117:21)
    at next (proc.js:313)
    at currCb (proc.js:389)
    at runSelectEffect (proc.js:699)
    at runEffect (proc.js:436)
    at next (proc.js:317)
    at proc (proc.js:272)

Yubikey provider listed twice

Sometimes after fortify has been running for some time, it will list two providers in the fortify tools provider drop-down as though there are two Yubikeys plugged in when there is definitely only one.

This will then lead to errors in trying to perform operations with the certificates on the card.

Usually have to restart Fortify to resolve this.

Fortify version 1.3.4 running on macOS Catalina 10.15.4

Create CertificatesList component

  • Add list & list item component
  • Add empty state
  • Add sorting
  • Add search filter
  • Add cells formatting (date, icons, truncate serial number)
  • Add skeleton loader

Update behavior on token events

I'm updating Fortify. The new version can return more than 1 info item about added or removed tokens. The current version of the UI shows only 1 item from the list.

After insertion of 2 tokens

Provider:Token Amount of tokens was changed (+2/-0)

After window refreshing

@donskov if you need the updated Fortify version, let me know about it

Create FetchingStatusOwerlay component

Component added but dialogs still need texts & styling

Styling:

  • connection client update rejected
  • connection support rejected
  • connection detect rejected
  • connection approve rejected
  • connection approve pending
  • unresolved status

Stories:

  • connection client update rejected
  • connection support rejected
  • connection detect rejected
  • connection approve rejected
  • connection approve pending
  • unresolved status

Not clear why buttons are disabled

Suggestions:

  • Add tooltip: "This is a read-only token so this operation is disabled."
  • Show information about the token which says that it's in read-only mode and hide edit buttons

@alexgbv Could you suggest a UI solution?

Cannot read property 'generateKey' of undefined

Hiya Guys,

When I try to initialize Fortify web, everything works fine on a 127.0.0.1 connection; as soon as I deploy it to our internal website, I get the error message "Cannot read property 'generateKey' of undefined".

Could it be that this error comes because there is no SSL certificate on it and it just uses plain old HTTP?

Add stories to storybook

  • Sidebar component
  • Table component
  • CertificateName component
  • CertificateSerialNumber component
  • CertificateTypeLabel component
  • CertificateViewerDialog component
  • CertificatesList component
  • CertificatesProvidersList component
  • Date component

Add support for Portuguese National Identification Card

Name: Portuguese National Identification Card
ATR(1): 3B 95 95 40 FF D0 00 54 01 32 (more here)
PKCS#11: OpenSC or /usr/lib/libpteidpkcs11.so

More information:

We will need to find someone with one of these cards to test with it before publishing

Create table components

  • Add Table component
  • Add TableBody component
  • Add TableCell component
  • Add TableHead component
  • Add TableHead component
  • Add TableRow component
