How U2F works

Thomas Jarosch thomas.jarosch at
Fri Mar 3 18:25:05 CET 2017

On Tuesday, 28 February 2017 00:28:21 CET NIIBE Yutaka wrote:
> Anyhow, it would be possible for Gnuk to add U2F support (somehow
> limited, because of available resource on board).

regarding limited resources, the Yubikey people did a fine trick:
There is no per-website data stored on the Yubikey. So the amount
of websites you can use a single FIDO U2F key for is unlimited.

See "Limited storage on device" for details:

Also I think the attestation key is not enforced by websites,
so gnuk could just send a bogus / user configurable cert.


More information about the Gnupg-users mailing list