feat(nfc): dedupe USB-HID authenticators#270
Open
AlfioEmanueleFresta wants to merge 1 commit into
Open
Conversation
AlfioEmanueleFresta
force-pushed
the
feat/nfc-dedupe-usb-hid
branch
from
8aff0b0 to
4b66587
Compare
A USB security key exposes a FIDO HID interface and a USB-CCID interface that PC/SC lists as a reader, so the same key appears twice during discovery. Match the two by the USB (bus, address) behind each and drop the NFC entry that duplicates a connected HID key. Reading real NFC keys is unchanged. Relates to #182
AlfioEmanueleFresta
force-pushed
the
feat/nfc-dedupe-usb-hid
branch
from
4b66587 to
992c90e
Compare
AlfioEmanueleFresta
changed the title
iinuwa
approved these changes
Jun 15, 2026
iinuwa
left a comment
iinuwa
left a comment
Member
There was a problem hiding this comment.
I haven't been able to run this yet, but it looks good to me from reading the source.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Some security keys appear twice when we go looking for authenticators. The same key shows up once as a USB device over HID, and again as a PC/SC reader for its built-in smart-card interface. Both entries are the same physical key, but until now nothing connected them, so a single key plugged into USB also looked like a separate NFC authenticator waiting to be used.
We now recognize the two entries as one device by comparing the USB address behind each. When a reader resolves to the same physical USB device as a key we already see over HID, we drop it from the NFC list. A key plugged in over USB is no longer offered as a separate NFC device.
Reading real NFC keys is unchanged. A key held to a contactless reader has no matching USB device, so it stays in the list and is read exactly as before.
Relates to #182