Yubico Forum...visit our web-store at2016-09-04T16:08:16+01:00https://forum.yubico.com/feed.php?f=3&t=23992016-09-04T16:08:16+01:002016-09-04T16:08:16+01:00https://forum.yubico.com/viewtopic.php?t=2399&p=8955#p8955<![CDATA[Re: How to get private key stored instead of OTP for U2F Jav]]>mouse008 wrote:
Quote:
I use U2F for login / sudo on my linux machines
I'd appreciate some more details please, if you don't mind.
PM or start a new thread, please; that's not really in-scope for this thread (it's rude to hijack).
Statistics: Posted by SporkWitch — Sun Sep 04, 2016 4:08 pm
]]>2016-09-04T07:05:54+01:002016-09-04T07:05:54+01:00https://forum.yubico.com/viewtopic.php?t=2399&p=8954#p8954<![CDATA[Re: How to get private key stored instead of OTP for U2F Jav]]>Quote:
I use U2F for login / sudo on my linux machines
I'd appreciate some more details please, if you don't mind.
Statistics: Posted by mouse008 — Sun Sep 04, 2016 7:05 am
]]>2016-09-03T03:45:16+01:002016-09-03T03:45:16+01:00https://forum.yubico.com/viewtopic.php?t=2399&p=8948#p8948<![CDATA[Re: How to get private key stored instead of OTP for U2F Jav]]>ihsanhaikalz wrote:
I am trying to create Java client application that will receive private key stored in Yubikey Neo and later use the key to sign the challenge from the server for FIDO U2F, but the problem is when I touched the button in Yubikey Neo it will instead generate the OTP (Yubikey Neo is set with OTP and U2F). I read in the U2F page that currently only Chrome browser is able to use U2F. I tried to use java-u2flib-server package but it seems that it could not access the private key stored CMIIW. So is there anyway I could get the private key from Yubikey Neo in Java?
Thanks
Maybe there's a translation issue, but if I'm understanding you correctly, no, you cannot do what you're asking. It is not possible to extract the private keys from the secure element, and this is by design, to prevent their compromise. All cryptographic operations are performed on the token itself, not on the host machine.
As far as U2F, officially, yes, only Chrome supports it, however there's a semi-official plug-in for Firefox that works perfectly fine on both the yubico test site and github (it doesn't appear to work for Google, but that seems to be more that they have their stuff hardcoded to say "you're not on chrome, bugger off" than because of an issue with the plug-in; presumably if I changed my user-agent string, it would work fine on Google too). That's only for browsers, though; plenty of other stuff supports it or can be made to. I use U2F for login / sudo on my linux machines.
Statistics: Posted by SporkWitch — Sat Sep 03, 2016 3:45 am
]]>2016-08-19T13:58:01+01:002016-08-19T13:58:01+01:00https://forum.yubico.com/viewtopic.php?t=2399&p=8890#p8890<![CDATA[How to get private key stored instead of OTP for U2F Java?]]> Thanks
Statistics: Posted by ihsanhaikalz — Fri Aug 19, 2016 1:58 pm