Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:51 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Wed Oct 22, 2014 11:44 am 
Offline

Joined: Tue Mar 05, 2013 12:53 pm
Posts: 17
Hi!

Few question about U2F in Yubikey:
1. How many sites can handle single YubiKey?
2. Does site-specific keypair is stored in YubiKey at all?
3. If yes, then how to manage stored keypairs?


Last edited by bmalkow on Mon Oct 27, 2014 12:46 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Oct 23, 2014 9:58 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Please refer to information on the product page https://www.yubico.com/products/yubikey ... urity-key/ and http://fidoalliance.org/specifications/download

1) u2f was just released few hours, as you can see http://fidoalliance.org/membership/members major player may release their support however we do not know specific plans for everyone.
2) No, there are no key pairs stored onto the Security Key by Yubico. Please refer to protocol specification for this kind of questions. U2F does not constrain manufactures so there could be different implementations. A U2F authenticator can exist in different form/shapes this is out of scope for U2F
3) http://fidoalliance.org/specifications/download

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2014 12:20 pm 
Offline

Joined: Tue Mar 05, 2013 12:53 pm
Posts: 17
Yes. I have look at it. And I found this:

Quote:
7. Allowing for Inexpensive U2F Devices
A key goal of this program is to enable extremely inexpensive yet secure devices. To enable new secure element chips to be as inexpensive as possible it is important to allow them to have minimal or no onboard memory.
A U2F device allows for this. The Key Handle issued by the U2F device does not have to be an index to the private key stored on board the U2F device secure element chip. Instead, the Key Handle can 'store' (i.e., contain) the private key for the origin and the hash of the origin encrypted with a 'wrapping' key known only to the U2F device secure element. When the Key Handle goes back to the secure element it 'unwraps' it to 'retrieve' the private key and the origin that it was generated for.


So the question is: does Yubikey stores private key onboard? Or maybe Yubikey uses 'wrapped' key schema?


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2014 1:23 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
bmalkow wrote:
Quote:
7. Allowing for Inexpensive U2F Devices
A key goal of this program is to enable extremely inexpensive yet secure devices. To enable new secure element chips to be as inexpensive as possible it is important to allow them to have minimal or no onboard memory.
A U2F device allows for this. The Key Handle issued by the U2F device does not have to be an index to the private key stored on board the U2F device secure element chip. Instead, the Key Handle can 'store' (i.e., contain) the private key for the origin and the hash of the origin encrypted with a 'wrapping' key known only to the U2F device secure element. When the Key Handle goes back to the secure element it 'unwraps' it to 'retrieve' the private key and the origin that it was generated for.


So the question is: does Yubikey stores private key onboard? Or maybe Yubikey uses 'wrapped' key schema?


My layman's understanding of the yubikey U2F implementation:

While they are generated on the yubikey, neither the public nor private key pair for the origin/site are stored on the yubikey.

The yubikey generates the unique pair for each registering origin/site, encrypts the private key with the yubikey's internal symmetric key (single internal symmetric key for all U2F) and sends the public key and encrypted private key to the registering origin/site.

This way no additional storage is required on the key, and an unlimited number of origins/sites can use the key. When authenticating, a one time secret is generated by the origin/site, encrypted with the public key, and that encrypted one time secret, along with the previously-encrypted private key are both sent to the yubikey by the origin/site. The yubikey uses the internal symmetric key to decrypt the private key for that origin/site, then uses the private key to decrypt the encrypted one time secret, allowing it to prove to the origin/site that it is the one and only key that registered with those two asymmetric keys.

Only that particular yubikey can do that because it is the only one with that internal symmetric key.

B


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2014 3:52 pm 
Offline

Joined: Tue Mar 05, 2013 12:53 pm
Posts: 17
@brendanhoar this is exactly what I suspected, but I'm expecting confirmation from Yubico :-)


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2014 7:39 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
bmalkow wrote:
@brendanhoar this is exactly what I suspected, but I'm expecting confirmation from Yubico :-)


Looks like Tom confirmed it here:

viewtopic.php?f=26&t=1538#p5924

Well, at least broadly.

There are probably a couple of things I misstated or didn't cover above (e.g. there is probably a more complicated mix of encrypting/signing/hmacing/etc. during the authentication part of the process) but the general idea is that the plaintext-public key and the yubikey-encrypted-private key are stored by the party wishing to verify your identity, not on the yubikey.

B


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2014 9:55 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
brendanhoar wrote:
bmalkow wrote:
@brendanhoar this is exactly what I suspected, but I'm expecting confirmation from Yubico :-)


Looks like Tom confirmed it here:

viewtopic.php?f=26&t=1538#p5924

Well, at least broadly.

There are probably a couple of things I misstated or didn't cover above (e.g. there is probably a more complicated mix of encrypting/signing/hmacing/etc. during the authentication part of the process) but the general idea is that the plaintext-public key and the yubikey-encrypted-private key are stored by the party wishing to verify your identity, not on the yubikey.

B


Also, line 252 and forward here is presumably speaking about yubikey-esque U2F devices: https://fidoalliance.org/specs/fido-u2f ... 140209.pdf

B

Code:
A U2F device allows for this. The Key Handle issued by the U2F device does not have
to be an index to the private key stored on board the U2F device secure element chip.
Instead, the Key Handle can “store” (i.e., contain) the private key for the origin and the
hash of the origin encrypted with a “wrapping” key known only to the U2F device secure
element. When the Key Handle goes back to the secure element it “unwraps” it to “retrieve”
the private key and the origin that it was generated for.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 24, 2015 2:55 pm 
Offline

Joined: Wed May 11, 2011 2:43 pm
Posts: 3
It is a bit confusing as the FAQ on the product page describes wrapping the private key using the device secret and storing the wrapped version on the website you are trying to access but then this blog entry suggests that they do not do this

https://www.yubico.com/2014/11/yubicos- ... -wrapping/

Which is correct?


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 13, 2015 9:44 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Aug 06, 2014 2:40 pm
Posts: 38
fryrpc wrote:
It is a bit confusing as the FAQ on the product page describes wrapping the private key using the device secret and storing the wrapped version on the website you are trying to access but then this blog entry suggests that they do not do this

https://www.yubico.com/2014/11/yubicos- ... -wrapping/

Which is correct?

The blog post is correct.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 13, 2015 3:01 pm 
Offline

Joined: Wed May 11, 2011 2:43 pm
Posts: 3
Thank You for the clarification.

Maybe this page needs the text updating as it currently says the following which contradicts the blog.

https://www.yubico.com/products/yubikey ... oggle-id-8

There is no practical limit to the U2F secured services the Security Key can be associated with. During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the Security Key. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the Security Key.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group