How U2F works

Glenn Rempe glenn at
Tue Feb 28 01:28:25 CET 2017

Just chiming in here with some comments below. I am an active U2F user
and have played around with the server API's and read some of the
specs. Just to be clear, not an expert on U2F.

On 2/27/17 3:28 PM, NIIBE Yutaka wrote:
> Hello,
> Let me ask a question about U2F.  Or, more generally, possibility
> to enhance GnuPG for web authentication.

> Anyhow, it would be possible for Gnuk to add U2F support (somehow 
> limited, because of available resource on board).  Also, it would
> be possible for scdaemon (or other application) to emulate U2F
> protocol (just like Scute does emulate PKCS#11).
> Well, I have two concerns for U2F.
> (1) Atterstation key
> In the document of U2F:
>  It explains about Atterstation key.
> If it were common for services to do this Atterstation key check,
> U2F emulation or free U2F implementation will be no real use with
> no private key of the vendor.   (It reminds me the old days when
> Apache couldn't serve https because no certificate authority issued
> certificate for servers with Apache.)  I wondor if Atterstation key
> check is common or not.

Well, the attestation key would be checked by the server side process
right? And that is optional to check (but perhaps not optional to
send). So you probably would need to ask those that are integrating
U2F as a server auth method. Sending this seems to be a requirement
based on the spec link you sent. Couldn't you get a vendor specific
attestation key in any case for GnuK and use the same key across all

Yubico describes something about the attestation metadata they use here:

> (2) JavaScript
> It seems for me that there are special JavaScript(s) to offer
> access API to U2F.  I don't quite understand how it works to the
> physical device.
> I don't like nonfree JavaScript which may interfere user' control.
> Is it easy for free script (as in freedom) to integrate a script
> for U2F access?  Any such example scripts or any such services
> which do so?

I believe that at this point almost all use of U2F is through web
browsers that support talking to the U2F hardware API's directly. Only
Chrome has full support now, and Firefox and Opera are working on it
but are not yet generally available. The web Javascript API's are just
for requesting registration of a token or authentication. So you can't
use U2F in a browser that does not have support for it no matter what
JS you load in your page.

Browser support:

Yubico Demo Code and JS API

JS Polyfill

> Here, my concern is that if it is all for proprietary world, I am 
> reluctant to consider seriously about U2F.

FIDO U2F is based on an openly published standard but only for you to
'read and analyze'. Seems like you have to become a member of the FIDO
alliance to be protected. Its not an Internet RFC.

"FIDO's specifications are public and available for anyone to read and
analyze. But only FIDO Alliance Members benefit from “the promise” to
not assert patent rights against other members’ implementations (see
the FIDO Alliance Membership Agreement for details). Anyone may join
the FIDO Alliance; we encourage even very small companies with a very
low cost to join at the entry level. Members at all levels not only
benefit from the mutual non-assert protection, but also participate
with FIDO Alliance members, activities and developments; Associates
have more limited participation benefits. All are invited to join the
FIDO Alliance and participate."

> And finally, if web authentication is important, I would like to
> use the infrastructure of GnuPG to manage my own crypto computation
> and my own private keys.  Currently, we can use GnuPG for SSH
> authentication by its ssh-agent emulation.  I would like to extend
> this.

Wouldn't making this work require the browser vendors to support some
kind of 'pluggable local auth' that gnupg would emulate, and not only
support for hardware tokens like Yubikey? I don't know if they support
this broader concept or not.

What though is the benefit of using gnupg key as the crypto behind the
client auth? Seems like you are more exposed by having a portable gpg
key as opposed to a hardware embedded key. U2F makes it so easy to add
a backup key, and most implementations let you drop and add keys
pretty easily. Just trying to figure out if backing U2F with gpg, if
that is what you are proposing, is worth it?

> Any thoughts?  Thanks in advance.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170227/7f7e4ed2/attachment.sig>

More information about the Gnupg-users mailing list