How U2F works

Thomas Jarosch thomas.jarosch at intra2net.com
Fri Mar 3 18:25:05 CET 2017


On Tuesday, 28 February 2017 00:28:21 CET NIIBE Yutaka wrote:
> Anyhow, it would be possible for Gnuk to add U2F support (somehow
> limited, because of available resource on board).

Regarding limited resources, the Yubikey people did a fine trick:
There is no per-website data stored on the Yubikey. So the number
of websites you can use a single FIDO U2F key for is unlimited.

See "Limited storage on device" for details:
https://developers.yubico.com/U2F/Protocol_details/Key_generation.html


Also, I think the attestation key is not enforced by websites,
so Gnuk could just send a bogus / user-configurable cert.

Cheers,
Thomas
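
The stateless key-handle scheme that the linked "Limited storage on device" section describes, as an added example that is not part of the original message and is not Gnuk or Yubico code. It is a simplified sketch: the function names and nonce length are assumptions, and the 32-byte HMAC output stands in for the P-256 private key a real token would use.

```python
import hashlib
import hmac
import os

NONCE_LEN = 32  # assumed nonce size for this sketch
MAC_LEN = 32    # SHA-256 output length


def _hmac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def app_param(app_id):
    """U2F application parameter: SHA-256 of the AppID string."""
    return hashlib.sha256(app_id.encode()).digest()


def register(device_secret, app):
    """Derive a per-site key; the token stores nothing afterwards."""
    nonce = os.urandom(NONCE_LEN)
    priv = _hmac(device_secret, app, nonce)   # per-site private key material
    tag = _hmac(device_secret, app, priv)     # binds the handle to token and site
    return nonce + tag, priv                  # key handle is kept by the website


def recover(device_secret, app, key_handle):
    """Re-derive the key at authentication; None if the handle is not ours."""
    if len(key_handle) != NONCE_LEN + MAC_LEN:
        return None
    nonce, tag = key_handle[:NONCE_LEN], key_handle[NONCE_LEN:]
    priv = _hmac(device_secret, app, nonce)
    if not hmac.compare_digest(tag, _hmac(device_secret, app, priv)):
        return None  # wrong token, wrong site, or tampered handle
    return priv


if __name__ == "__main__":
    secret = os.urandom(32)                     # constructed device secret
    site = app_param("https://example.com")     # constructed AppID
    handle, key = register(secret, site)
    print("same key recovered:", recover(secret, site, handle) == key)
    other = app_param("https://example.org")
    print("other site rejected:", recover(secret, other, handle) is None)
```

The only persistent state on the token is the device secret, so each additional website costs no storage.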




More information about the Gnupg-users mailing list