I have heard good things about the emerging "FIDO U2F" standard [1]. I am especially interested in having a JavaScript API for cryptographic functions that I can access through a plug-in in a browser.
However, so far all my efforts to obtaining a physical hardware token supporting the FIDO U2F specs for testing were without success. Hopefully this will soon change when the first U2F compliant Yubikey NEO will be rolled out to the public.
What I would be particularly interested in, is decrypting short messages with the
app_id specific private key stored in the device through a JavaScript call.
While the "FIDO U2F" Javascript API draft [2] doesn't mention a method for this, I wonder whether I could use a simple
sign request and simply provide the data to be decrypted as websafe-base64-encoded
challenge?
In my understanding, the
response returned from the device would be the decrypted
challenge.
So in short, here is what I want to do:
- Obtain app_specific public key in Browser
- Encrypt foo with public key
- Store encrypted foo somewhere (e.g. browser cookie) for later use
On a later occasion:
- Send encrypted foo to the token as challenge
- Receive decrypted foo as response
Will this work or do I misunderstand the way challenge/response is implemented here?
[1]:
https://fidoalliance.org/specifications [2]:
https://fidoalliance.org/specs/fido-u2f ... 140209.pdf