8

As I understand, U2F is mainly used for authentication. It uses challenge-response scheme to check if the device used for logging in is the same device which was used during registration based on shared secret. So the result of the process is a yes/no answer.

Is there a way to use U2F device for encrypting data in a symmetrical way, like a local password manager?

Improve this question
1
  • Best solution is to find a U2F key that can do both like the Yubikey NEO Commented Feb 19, 2016 at 9:38

2 Answers 2

Reset to default
6

No, the U2F specified keys are not able to perform symmetric encryption operations. They are designed only for providing a public key, attestation certificate, and signing data for the challenge / response process with their internal private key. Specifications can be read at https://fidoalliance.org/specifications/overview/

Improve this answer
5
  • That's bad. So, a trusted 2nd party (server) is needed for secure data storage? How this works yubico.com/applications/password-management/consumer/… ? Commented Nov 18, 2015 at 8:00
  • 1
    Many YubiKey devices operate in several modes. What you've linked to describes another mode using HMAC-SHA1 which is not public key encryption and not part of the U2F standard. Commented Nov 18, 2015 at 8:26
  • Jeff: Could you elaborate why signing a challenge does not lend itself to a way to generate a password for symmetric encyrption? Commented Mar 14, 2017 at 19:41
  • @ChristopherOezbek I would suggest asking that as an independent question on crypto.stackexchange.com Commented Mar 14, 2017 at 19:43
  • @JeffFerland crypto.stackexchange.com/questions/44717/… Commented Mar 14, 2017 at 20:15
1

No, it is not possible to get some constant value/bytes from U2F device that will be unique for a particular device and can be used later as encryption key, mainly because of FIDO Privacy concern: "identifying devices would reveal a unique identifier for a device across unrelated origins, violating the user’s privacy." (c) FIDO specs.

In another hand, this is why U2F Signature feature also cant be used to get some constant value that can be later used as an encryption key:

  1. U2F device sign a Digest that is created by Client and Device (U2F adds signature counter to Digest). So every new signature will be unique even if Client provides the same data twice.
  2. When U2F device generates a new KeyHandle (ECDSA pair) it uses its own random value. So it will never generate the same KeyHandle even if you provide the same data for the 2nd request.

By FIDO philosophy, the U2F key mainly designed to ensure a Trust between Authentication Service and remote client. When you want to adopt U2F key for other authentication/security scenarios take care about a dozen of attacks that can be applied.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.