You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`pc-hid-runner pin remove [--current <PIN>]`| Remove the PIN entirely |
109
+
110
+
When `--pin` / `--current` / `--new` are omitted, the CLI reads the values
111
+
interactively from stdin.
112
+
113
+
### Attach-time flags
114
+
115
+
| Flag | Purpose |
116
+
|------|---------|
117
+
|`--foreground`| Run in the foreground (useful for systemd integration) |
118
+
|`--manual-user-presence`| Require manual approval rather than auto-approving user presence |
119
+
|`--suppress-attestation`| Hide attestation certificates for privacy testing |
120
+
77
121
---
78
122
79
-
## Configuration Options
123
+
## Supported Algorithms
80
124
81
-
When running the `pc-hid-runner`, you can append several useful flags to customize its behavior:
125
+
The authenticator advertises all of the following COSE algorithms in
126
+
`authenticatorGetInfo` and will register and assert credentials against any
127
+
of them:
82
128
83
-
*`--manual-user-presence` : Require manual approval when a site requests user presence (default is auto-approve).
84
-
*`--state-dir <path>` : Change where the authenticator saves its internal state and credentials (defaults to `$XDG_DATA_HOME/feitian-mldsa-authenticator`).
85
-
*`--suppress-attestation` : Hide attestation certificates for privacy testing.
129
+
*`ES256` (-7) — classical NIST P-256 ECDSA
130
+
*`ML-DSA-44` (-48) — post-quantum, NIST level 2
131
+
*`ML-DSA-65` (-49) — post-quantum, NIST level 3
132
+
*`ML-DSA-87` (-50) — post-quantum, NIST level 5
86
133
87
-
*Note: Omit the `--foreground` flag to run the authenticator quietly as a background daemon. You can manage a daemonized instance using the `status` and `stop` subcommands.*
134
+
PIN/UV uses the standard CTAP2.1 protocols (1 and 2). The authenticator
135
+
also handles `authenticatorReset` (CTAP command 0x07) so credentials can be
0 commit comments