Provided by: libfido2-doc_1.10.0-1_all bug

NAME
       fido_dev_enable_entattest, fido_dev_toggle_always_uv, fido_dev_force_pin_change, fido_dev_set_pin_minlen,
       fido_dev_set_pin_minlen_rpid — CTAP 2.1 configuration authenticator API


SYNOPSIS
       #include <fido.h>
       #include <fido/config.h>

       int
       fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);

       int
       fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);

       int
       fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);

       int
       fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);

       int
       fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid, size_t n, const char *pin);


DESCRIPTION
       The functions described in this page allow configuration of a CTAP 2.1 authenticator.

       The  fido_dev_enable_entattest()  function enables the Enterprise Attestation feature on dev.  Enterprise
       Attestation instructs the  authenticator  to  include  uniquely  identifying  information  in  subsequent
       attestation statements.  The pin parameter may be NULL if dev does not have a PIN set.

       The  fido_dev_toggle_always_uv()  function  toggles  the “user verification always” feature on dev.  When
       set, this toggle enforces user verification at the authenticator level for all known credentials.  If dev
       supports U2F (CTAP1) and the user verification methods  supported  by  the  authenticator  do  not  allow
       protection  of  U2F  credentials,  the  U2F  subsystem  will  be  disabled by the authenticator.  The pin
       parameter may be NULL if dev does not have a PIN set.

       The fido_dev_force_pin_change() instructs dev to require a PIN  change.   Subsequent  PIN  authentication
       attempts against dev will fail until its PIN is changed.

       The  fido_dev_set_pin_minlen()  function  sets the minimum PIN length of dev to len.  Minimum PIN lengths
       may only be increased.

       The fido_dev_set_pin_minlen_rpid() function sets the list of relying party identifiers (RP IDs) that  are
       allowed  to  obtain the minimum PIN length of dev through the CTAP 2.1 FIDO_EXT_MINPINLEN extension.  The
       list of RP identifiers is denoted by rpid, a vector of n NUL-terminated UTF-8 strings.  A copy of rpid is
       made, and no reference to it or its contents is kept.

       Configuration settings are reflected in the payload returned  by  the  authenticator  in  response  to  a
       fido_dev_get_cbor_info(3) call.


RETURN VALUES
       The     error     codes    returned    by    fido_dev_enable_entattest(),    fido_dev_toggle_always_uv(),
       fido_dev_force_pin_change(), fido_dev_set_pin_minlen(), and fido_dev_set_pin_minlen_rpid() are defined in
       <fido/err.h>.  On success, FIDO_OK is returned.


SEE ALSO
       fido_cred_pin_minlen(3), fido_dev_get_cbor_info(3), fido_dev_reset(3)

Debian                                         September 22, 2020                   FIDO_DEV_ENABLE_ENTATTEST(3)