Yubico Forum

I am trying to create Java client application that will receive private key stored in Yubikey Neo and later use the key to sign the challenge from the server for FIDO U2F, but the problem is when I touched the button in Yubikey Neo it will instead generate the OTP (Yubikey Neo is set with OTP and U2F). I read in the U2F page that currently only Chrome browser is able to use U2F. I tried to use java-u2flib-server package but it seems that it could not access the private key stored CMIIW. So is there anyway I could get the private key from Yubikey Neo in Java?

Thanks

Your application (in Java, or in C/C++) can use the private key stored in the YubiKey by telling the token to perform operations with that key (and supplying the correct PIN) - but there's no way (short of bringing a government lab and destructive equipment to [b/extract[/b] the key from the token. That is by design, and is the main reason people buy YubiKey and other similar devices.

For normal public-key cryptography look up PKCS#11 access. Useful references:

• https://github.com/OpenSC/OpenSC.git
• https://github.com/CardContact/OpenSC-Java.git
• Oracle's documentation on PKCS#11

P.S. I haven't tried to actually program U2F (only "normal" PK processing using RSA and ECC) - but am pretty sure the approach would be rather similar.