Just saw this post from Dain on Yubico's blog:
https://www.yubico.com/2014/11/yubicos-u2f-key-wrapping/
Very, very interesting.
Seems like a nice alternative to key wrapping...and a useful discussion, but...I think it's still missing important information (and not just because of the "(slightly simplified)" comment).
It's not clear to me how the EC public key, which must be returned during registration and is used to generate the relying-party challenge during authentication, is generated. Since Yubico states that the private key is the output of the HMAC-SHA256 function, wouldn't that preclude generating an EC key pair in a standard manner?
Hmm.
Or is the HMAC-SHA256 output "private key" not the EC private key per se, but instead a portion of the mixed secret input, along with the device key, into a deterministic function (or set of functions) for creating the public/private keypair for this particular relationship? So the key pair is internally generated not only at registration but also (technically) at each authentication?
Not a cryptographer, but curious, and maybe the questions can help to improve the clarity of the blog post. Alternately, you get to kick me around for missing something very obvious (most likely).
Thanks,
Brendan