Yubico Forum
https://forum.yubico.com/

How to get private key stored instead of OTP for U2F Java?
https://forum.yubico.com/viewtopic.php?f=3&t=2399

Author:  ihsanhaikalz [ Fri Aug 19, 2016 1:58 pm ]
Post subject:  How to get private key stored instead of OTP for U2F Java?

I am trying to create a Java client application that will receive the private key stored in the Yubikey Neo and later use the key to sign the challenge from the server for FIDO U2F, but the problem is that when I touch the button on the Yubikey Neo it instead generates the OTP (the Yubikey Neo is set up with OTP and U2F). I read on the U2F page that currently only the Chrome browser is able to use U2F. I tried to use the java-u2flib-server package, but it seems that it could not access the stored private key (CMIIW). So is there any way I could get the private key from the Yubikey Neo in Java?

Thanks

Author:  SporkWitch [ Sat Sep 03, 2016 3:45 am ]
Post subject:  Re: How to get private key stored instead of OTP for U2F Jav

ihsanhaikalz wrote:
I am trying to create a Java client application that will receive the private key stored in the Yubikey Neo and later use the key to sign the challenge from the server for FIDO U2F, but the problem is that when I touch the button on the Yubikey Neo it instead generates the OTP (the Yubikey Neo is set up with OTP and U2F). I read on the U2F page that currently only the Chrome browser is able to use U2F. I tried to use the java-u2flib-server package, but it seems that it could not access the stored private key (CMIIW). So is there any way I could get the private key from the Yubikey Neo in Java?

Thanks

Maybe there's a translation issue, but if I'm understanding you correctly, no, you cannot do what you're asking. It is not possible to extract the private keys from the secure element, and this is by design, to prevent their compromise. All cryptographic operations are performed on the token itself, not on the host machine.

As far as U2F, officially, yes, only Chrome supports it; however, there's a semi-official plug-in for Firefox that works perfectly fine on both the Yubico test site and GitHub (it doesn't appear to work for Google, but that seems to be more that they have their stuff hardcoded to say "you're not on chrome, bugger off" than because of an issue with the plug-in; presumably if I changed my user-agent string, it would work fine on Google too). That's only for browsers, though; plenty of other stuff supports it or can be made to. I use U2F for login / sudo on my Linux machines.
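
An added illustration of the answer above (not part of the original post, and not Yubico's or java-u2flib-server's code): the token is simulated in software by a hypothetical `SimulatedToken` class that exposes only a sign operation, and the server verifies the result with the public key it stored at registration. The app ID and client data are constructed values, and the signed byte layout follows the FIDO U2F authentication message format.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class U2fSignDemo {
    /** Hypothetical stand-in for the token: the private key never leaves this class. */
    static final class SimulatedToken {
        private final KeyPair kp;
        private int counter = 0;
        SimulatedToken() throws GeneralSecurityException {
            KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
            g.initialize(new ECGenParameterSpec("secp256r1")); // P-256, as used by U2F
            kp = g.generateKeyPair();
        }
        PublicKey publicKey() { return kp.getPublic(); } // handed to the server at registration
        int counter() { return counter; }
        // The only operation offered to the host: sign, after a (simulated) touch.
        byte[] sign(byte[] appParam, byte[] challengeParam) throws GeneralSecurityException {
            counter++;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(kp.getPrivate());
            s.update(signedData(appParam, (byte) 0x01, counter, challengeParam));
            return s.sign();
        }
    }

    // Signed bytes: appParam(32) | user presence(1) | counter(4, big-endian) | challengeParam(32)
    static byte[] signedData(byte[] app, byte presence, int counter, byte[] chal) {
        return ByteBuffer.allocate(69).put(app).put(presence).putInt(counter).put(chal).array();
    }

    static byte[] sha256(String s) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SimulatedToken token = new SimulatedToken();
        PublicKey registered = token.publicKey();                // all the server ever stores
        byte[] app = sha256("https://example.test");             // constructed app ID
        byte[] chal = sha256("{\"challenge\":\"constructed\"}"); // constructed client data

        byte[] sig = token.sign(app, chal);                      // the host only relays bytes

        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(registered);
        v.update(signedData(app, (byte) 0x01, token.counter(), chal));
        System.out.println("server accepts signature: " + v.verify(sig));
    }
}
```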

Author:  mouse008 [ Sun Sep 04, 2016 7:05 am ]
Post subject:  Re: How to get private key stored instead of OTP for U2F Jav

Quote:
I use U2F for login / sudo on my Linux machines

I'd appreciate some more details please, if you don't mind.

Author:  SporkWitch [ Sun Sep 04, 2016 4:08 pm ]
Post subject:  Re: How to get private key stored instead of OTP for U2F Jav

mouse008 wrote:
Quote:
I use U2F for login / sudo on my Linux machines

I'd appreciate some more details please, if you don't mind.

PM or start a new thread, please; that's not really in-scope for this thread (it's rude to hijack).

All times are UTC + 1 hour