Yubico Forum ...visit our web-store at 2016-01-14T14:54:41+01:00 https://forum.yubico.com/feed.php?f=26&t=2144 2016-01-14T13:44:15+01:00 2016-01-14T13:44:15+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8174#p8174 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> codebase wrote:

In the FAQ of YubiHSM it says: Are keys deleted on intrusion events? Answer: Yes.
Does this also apply for the Yubikey 4?


The full answer on that page is "Yes, the YubiHSM uses a secure element that is designed to destroy data in the case of an intrusion". I don't know the details on how this particular secure element deals with this, but the YubiKey 4 uses the same secure element as the YubiHSM, so I would assume so.

Statistics: Posted by dain — Thu Jan 14, 2016 1:44 pm

]]> 2016-01-13T14:47:43+01:00 2016-01-13T14:47:43+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8164#p8164 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> https://www.yubico.com/products/yubihsm/#toggle-id-3
Quote:

Yes, YubiHSM uses a secure element. In addition, the key store can be stored encrypted with AES-256 (passphrase needed on startup).



In the FAQ of YubiHSM it says: Are keys deleted on intrusion events? Answer: Yes.
Does this also apply for the Yubikey 4?

Statistics: Posted by codebase — Wed Jan 13, 2016 2:47 pm

]]> 2016-01-13T14:01:12+01:00 2016-01-13T14:01:12+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8160#p8160 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> codebase wrote:

I have an idea: When you are creating new keys in GnuPG, you are able to do a backup of the private-keys. When you choose to backup your private-keys in GnuPG, you are asked for a passphrase which protects the backup (so the backup of the private-keys is encrypted, even if it's stored in a secure location offline).


I don't think this really solves any of the issues. Anyway, it would require both firmware level changes and client software changes, and would break compatibility with the specification.

Statistics: Posted by dain — Wed Jan 13, 2016 2:01 pm

]]> 2016-01-13T03:44:10+01:00 2016-01-13T03:44:10+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8158#p8158 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> Quote:

It's just not practical to do what you're asking, and questionable if it would add any real security in practice.

Agree 100%.

Quote:

I have an idea: ...

How about establishing a startup that would manufacture hardware tokens with the capability you described - storing private keys encrypted in hardware, and requiring a complex passphrase (scrypt- or argon2-derived key) to decrypt them? Then we'll see (a) at what price point you'd be able to sell them, and (b) how much interest there is for this capability on the market.

NSA, KGB, whoever, are you listening? :-)

Statistics: Posted by mouse008 — Wed Jan 13, 2016 3:44 am

]]> 2016-01-12T16:46:28+01:00 2016-01-12T16:46:28+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8155#p8155 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> dain wrote:

It's just not practical to do what you're asking, and questionable if it would add any real security in practice.
I have an idea: When you are creating new keys in GnuPG, you are able to do a backup of the private-keys. When you choose to backup your private-keys in GnuPG, you are asked for a passphrase which protects the backup (so the backup of the private-keys is encrypted, even if it's stored in a secure location offline).

Now, if you want to export your existing GnuPG keys to your Yubikey: Instead of taking the actual plain-text-secret-key, you simply take the encrypted backup of the secret-key to export it to the Yubikey! So you end up with your secret-keys encrypted on the Yubikey. And when you are about to do crypto-operations you are required to input your PIN (aka. passphrase for your backup).

  • Of course this would require change in code, but would this be possible?
  • Maybe without re-flashing the Yubikey firmware, e.g. by only changing software code on PC client side?



PS: Regarding "lost PIN / passphrase": If you have a backup of your private-keys from GnuPG, you can always re-export these private-keys to your Yubikey! Maybe change the passphrase of your offline backup keys afterwards in GnuPG, so you can access them even if you forgot your Yubikey PIN (aka passphrase).

Statistics: Posted by codebase — Tue Jan 12, 2016 4:46 pm

]]> 2016-01-12T13:19:05+01:00 2016-01-12T13:19:05+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8152#p8152 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]>
Encrypting the keys using the PIN would be troublesome for a few reasons: First off, if you forget your PIN you can reset it using the Reset Code or the Admin PIN. You'd then be left with encrypted private keys and no knowledge of the key. To avoid this you could encrypt using each of these three PINs, so that any one of them can be used to decrypt. The problem then becomes that you would need to enter all codes when generating/importing a new key, to be able to do this encryption. This would not be compatibly with the OpenPGP card standard, so key management would require a separate client.

For this to give any real protection you would need a lot of entropy in each of the three PINs. Surely an adversary capable of extracting the keys from the chip would be able to spend some effort bruteforcing the encryption as well. Sure, you could use a key strengthening algorithm like PBKDF2 or scrypt, but again, this would be non-standard and require a specialized client which does this (so say goodbye to gpg).

It's just not practical to do what you're asking, and questionable if it would add any real security in practice.

Statistics: Posted by dain — Tue Jan 12, 2016 1:19 pm

]]> 2016-01-11T23:38:18+01:00 2016-01-11T23:38:18+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8147#p8147 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> Uriel wrote:

Quote:
... So IF you loose your Yubikey for whatever reason ...

Ever heard of key revocation?

Does key revocation justify, keeping the private-keys in plain-text on the device? interessting :roll:


Don't get me wrong, I'm pretty happy with my Yubikey 4 and I will keep using it; though I'm still shocked how you can keep the private-keys in plain-text when you are able to offer so many other features with this tiny piece of hardware.

Statistics: Posted by codebase — Mon Jan 11, 2016 11:38 pm

]]> 2016-01-11T20:38:44+01:00 2016-01-11T20:38:44+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8145#p8145 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> Quote:

... So IF you loose your Yubikey for whatever reason ...

Ever heard of key revocation?

Statistics: Posted by Uriel — Mon Jan 11, 2016 8:38 pm

]]> 2016-01-11T23:46:06+01:00 2016-01-10T19:27:54+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8139#p8139 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> mouse008 wrote:

I don't think any current smartcards store keys encrypted. If your threat model includes adversary capable of extracting private keys from silicon, you have bigger problems than a $40 device is likely to address.

Give me 1 reason why you are not using the user's PIN (1-256 character, digits, letters) to encrypt the private-keys on the silicon? It has nothing to do with threat-models at all, it's just common sense.


... So IF you loose your Yubikey for whatever reason ... you come home ... and lay in bed ... and know exactely as your thoughts are circling ... "Oh Dear. All the private-key material is stored there in plain text with no additional cryptographic protection at all." Then you are beginning to worry my friend, because then you are pretty f* up cause you just lost your private-keys, like a 12 year old school kid just lost his lunch and milky money. And guess what ... it has nothing to do with any conspiracy theory or three-letter-agency ... it's just not reasonable to store private-key material in plain-text on the hardware.

Statistics: Posted by codebase — Sun Jan 10, 2016 7:27 pm

]]> 2016-01-08T04:22:24+01:00 2016-01-08T04:22:24+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8129#p8129 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> mouse008 wrote:

I don't think any current smartcards store keys encrypted. If your threat model includes adversary capable of extracting private keys from silicon, you have bigger problems than a $40 device is likely to address.


That reminds me of the Mickens paper:
Quote:

Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT.


https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html

Statistics: Posted by cobaltjacket — Fri Jan 08, 2016 4:22 am

]]> 2016-01-08T01:54:58+01:00 2016-01-08T01:54:58+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8128#p8128 <![CDATA[Re: [Q?] Does the Yubikey 4 store the private-keys encrypted]]> Statistics: Posted by mouse008 — Fri Jan 08, 2016 1:54 am

]]> 2016-01-14T14:54:41+01:00 2016-01-03T21:35:01+01:00 https://forum.yubico.com/viewtopic.php?t=2144&p=8106#p8106 <![CDATA[[SOLVED]Does the Yubikey 4 store the private-keys encrypted?]]>
does the Yubikey 4 store the GnuPG (GPG) private-keys on the Yubikey 4 encrypted on the silicon?


Regards,
Codebase

Statistics: Posted by codebase — Sun Jan 03, 2016 9:35 pm

]]>