ihsanhaikalz wrote:
I am trying to create a Java client application that will receive the private key stored in the Yubikey Neo and later use the key to sign the challenge from the server for FIDO U2F, but the problem is that when I touch the button on the Yubikey Neo it will instead generate the OTP (the Yubikey Neo is set with OTP and U2F). I read on the U2F page that currently only the Chrome browser is able to use U2F. I tried to use the java-u2flib-server package but it seems that it could not access the stored private key (CMIIW). So is there any way I could get the private key from the Yubikey Neo in Java?
Thanks
Maybe there's a translation issue, but if I'm understanding you correctly, no, you cannot do what you're asking. It is not possible to extract the private keys from the secure element, and this is by design, to prevent their compromise. All cryptographic operations are performed on the token itself, not on the host machine.
As far as U2F, officially, yes, only Chrome supports it; however, there's a semi-official plug-in for Firefox that works perfectly fine on both the Yubico test site and GitHub (it doesn't appear to work for Google, but that seems to be more that they have their stuff hardcoded to say "you're not on chrome, bugger off" than because of an issue with the plug-in; presumably if I changed my user-agent string, it would work fine on Google too). That's only for browsers, though; plenty of other stuff supports it or can be made to. I use U2F for login / sudo on my Linux machines.
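
The division of labour described in the reply above, as an added example that is not part of the original thread and not code from Yubico or java-u2flib-server: the host only forwards the challenge, the signature is produced where the key lives, and the server verifies it with the public key from registration. `SimulatedToken` is a hypothetical software stand-in for the secure element, the origin and challenge are constructed values, and the key handle step of real U2F is left out.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class U2fSignOnTokenDemo {
    // Hypothetical stand-in for the token: the private key has no getter, only sign-on-request.
    static final class SimulatedToken {
        private final KeyPair keyPair;
        private int counter = 0;
        SimulatedToken() throws GeneralSecurityException {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
            gen.initialize(new ECGenParameterSpec("secp256r1")); // P-256, the curve U2F uses
            keyPair = gen.generateKeyPair();
        }
        PublicKey publicKey() { return keyPair.getPublic(); } // all the server ever stores
        // Response layout: user presence (1 byte) || counter (4 bytes, big-endian) || DER signature.
        byte[] authenticate(byte[] appParam, byte[] challengeParam) throws GeneralSecurityException {
            byte presence = 0x01; // set by the button touch on real hardware
            int ctr = ++counter;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(keyPair.getPrivate());
            s.update(signedData(appParam, presence, ctr, challengeParam));
            byte[] sig = s.sign();
            return ByteBuffer.allocate(5 + sig.length).put(presence).putInt(ctr).put(sig).array();
        }
    }
    // Bytes covered by the signature: appParam(32) || presence(1) || counter(4) || challengeParam(32).
    static byte[] signedData(byte[] app, byte presence, int counter, byte[] challenge) {
        return ByteBuffer.allocate(69).put(app).put(presence).putInt(counter).put(challenge).array();
    }
    // Server side: needs only the registered public key, never the private key.
    static boolean serverVerify(PublicKey pub, byte[] app, byte[] challenge, byte[] response)
            throws GeneralSecurityException {
        ByteBuffer r = ByteBuffer.wrap(response);
        byte presence = r.get();
        int counter = r.getInt();
        byte[] sig = new byte[r.remaining()];
        r.get(sig);
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pub);
        v.update(signedData(app, presence, counter, challenge));
        return (presence & 0x01) == 1 && v.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        byte[] app = sha.digest("https://example.test".getBytes(StandardCharsets.UTF_8)); // constructed origin
        byte[] challenge = sha.digest("{\"challenge\":\"constructed\"}".getBytes(StandardCharsets.UTF_8));
        SimulatedToken token = new SimulatedToken();
        byte[] response = token.authenticate(app, challenge);
        System.out.println("valid: " + serverVerify(token.publicKey(), app, challenge, response));
        challenge[0] ^= 1; // a different challenge must not verify with the old response
        System.out.println("other challenge: " + serverVerify(token.publicKey(), app, challenge, response));
    }
}
```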