Yubico Forum

Hi!

Few question about U2F in Yubikey:
1. How many sites can handle single YubiKey?
2. Does site-specific keypair is stored in YubiKey at all?
3. If yes, then how to manage stored keypairs?

Please refer to information on the product page https://www.yubico.com/products/yubikey ... urity-key/ and http://fidoalliance.org/specifications/download

1) u2f was just released few hours, as you can see http://fidoalliance.org/membership/members major player may release their support however we do not know specific plans for everyone.
2) No, there are no key pairs stored onto the Security Key by Yubico. Please refer to protocol specification for this kind of questions. U2F does not constrain manufactures so there could be different implementations. A U2F authenticator can exist in different form/shapes this is out of scope for U2F
3) http://fidoalliance.org/specifications/download

_________________
-Tom

Yes. I have look at it. And I found this:



So the question is: does Yubikey stores private key onboard? Or maybe Yubikey uses 'wrapped' key schema?

My layman's understanding of the yubikey U2F implementation:

While they are generated on the yubikey, neither the public nor private key pair for the origin/site are stored on the yubikey.

The yubikey generates the unique pair for each registering origin/site, encrypts the private key with the yubikey's internal symmetric key (single internal symmetric key for all U2F) and sends the public key and encrypted private key to the registering origin/site.

This way no additional storage is required on the key, and an unlimited number of origins/sites can use the key. When authenticating, a one time secret is generated by the origin/site, encrypted with the public key, and that encrypted one time secret, along with the previously-encrypted private key are both sent to the yubikey by the origin/site. The yubikey uses the internal symmetric key to decrypt the private key for that origin/site, then uses the private key to decrypt the encrypted one time secret, allowing it to prove to the origin/site that it is the one and only key that registered with those two asymmetric keys.

Only that particular yubikey can do that because it is the only one with that internal symmetric key.

B

@brendanhoar this is exactly what I suspected, but I'm expecting confirmation from Yubico

Looks like Tom confirmed it here:

viewtopic.php?f=26&t=1538#p5924

Well, at least broadly.

There are probably a couple of things I misstated or didn't cover above (e.g. there is probably a more complicated mix of encrypting/signing/hmacing/etc. during the authentication part of the process) but the general idea is that the plaintext-public key and the yubikey-encrypted-private key are stored by the party wishing to verify your identity, not on the yubikey.

B

Also, line 252 and forward here is presumably speaking about yubikey-esque U2F devices: https://fidoalliance.org/specs/fido-u2f ... 140209.pdf

B

It is a bit confusing as the FAQ on the product page describes wrapping the private key using the device secret and storing the wrapped version on the website you are trying to access but then this blog entry suggests that they do not do this

https://www.yubico.com/2014/11/yubicos- ... -wrapping/

Which is correct?

The blog post is correct.

Thank You for the clarification.

Maybe this page needs the text updating as it currently says the following which contradicts the blog.

https://www.yubico.com/products/yubikey ... oggle-id-8

There is no practical limit to the U2F secured services the Security Key can be associated with. During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the Security Key. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the Security Key.