u2f seed

Fox, Kevin M Kevin.Fox at pnnl.gov
Fri Jan 3 10:56:24 AEDT 2020

That sounds like the application param is still used as part of the process though? Would allowing the user to specify the application work in the Solokey case?

What is stored in the private keyfile? The documentation says no private key is stored there. So is it just information used to reseed the public/private key?


From: openssh-unix-dev <openssh-unix-dev-bounces+kevin.fox=pnnl.gov at mindrot.org> on behalf of Christian Weisgerber <naddy at mips.inka.de>
Sent: Thursday, January 2, 2020 3:42 PM
To: openssh-unix-dev at mindrot.org
Subject: Re: u2f seed

On 2020-01-02, "Fox, Kevin M" <Kevin.Fox at pnnl.gov> wrote:

> In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this.

There is no guarantee that the U2F token derives the key pair in a
deterministic fashion from the challenge/application parameters
passed during registration.

For instance, if I read the firmware code correctly, the Solokey
creates the key material using its built-in random number generator
and only uses its master secret and the application parameter to
wrap the key for the key handle.

Christian "naddy" Weisgerber                          naddy at mips.inka.de
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org

More information about the openssh-unix-dev mailing list