Backup / Restore U2F secret?

Is it possible to backup / restore the user’s U2F secret?
This would include correct handling of the U2F counter of course.

This is simple with devices like the Trezor which have a screen, but I have not found how this can be done with the Nitrokey.

Thanks!

It’s not possible. Instead, the backup strategy is to configure multiple U2F devices with your accounts.

Hi!

By design, FIDO U2F devices are supposed to not be cloneable, and by extension backup should not be possible. This is why the Nitrokey FIDO U2F does not support this feature. Additionally, the secret material is stored on the security chip, which allows only write. The key generation is done there as well, hence the key material never leaks outside the security chip.

According to the FIDO U2F Overview spec, the service should allow multiple devices to be registered, and this is how the user should make their backup. In practice I have noticed that web services often allow registering alternative ways of accessing the account, e.g. backup codes or TOTP authentication.

Apparently they use the Unix timestamp as the counter when restoring, ensuring that it is always larger.

The idea with the counter being time is really clever! Thank you for pointing that out. However, I think this defeats the whole idea, actually terminating the additional security the counter adds.


Yes, unfortunately many services don’t support multiple U2F keys, and alternatives like OTP and backup codes are inferior. :-/

actually terminating additional security the counter adds.

I don’t think the counter really adds any security, it just makes it possible to restore U2F secrets without breaking all the services you use them with.

Anyhow thanks for responding so fast :slight_smile:

I rather meant that the primary purpose of the usage counter - server-side cloned-device detection - is defeated by using the monotonic timestamp, and thus is not compatible with the FIDO U2F specification. This is why alternate devices are suggested as a backup solution.
I understand the pain with single FIDO U2F devices handled by web services though. Hopefully this will change over time under users’ pressure.

Welcome! We are trying to keep a 24 hour response time. Sometimes the notification emails get stuck, and we are delayed with the reply because of that.


server-side cloned-device detection - is defeated by using the monotonic timestamp, and thus not compatible with the FIDO U2F specification.

Ah, that is good to know. I’ve heard that current servers don’t seem to enforce consecutive counter values, but yes, relying on that may cause issues down the road.
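To make the cloned-device-detection point from the two replies above concrete, here is an added example (not code from this thread, from Nitrokey, or from any U2F library). It models a relying party that keeps the last accepted counter per key handle and refuses a sign-in whose counter has not increased, which is the check the U2F counter exists for. It then runs the same sign-in schedule against two hypothetical token designs: a spec-style token whose counter is stored on the device and incremented per signature (a restore copies both secret and counter, so the two copies drift apart and one of them eventually presents a stale value), and a restore-friendly token that reports the Unix time as its counter (both copies always present a fresh, larger value, so the server never notices). All class and function names are invented for the example; the sign-in schedules are constructed inputs.

```python
# Added example, not from the thread or from Nitrokey: a toy relying-party
# counter check for U2F sign-ins, used to show why a per-device monotonic
# counter can expose a cloned key while a timestamp-derived counter cannot.
# Class and function names are hypothetical; the only U2F behaviour modelled
# is "the counter reported with each assertion must be larger than before".

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class RelyingParty:
    """Server-side state: last accepted counter value per registered key handle."""
    last_counter: Dict[str, int] = field(default_factory=dict)

    def accept_sign_in(self, key_handle: str, counter: int) -> bool:
        """Return True and record the counter if it increased; False if a clone is suspected."""
        last = self.last_counter.get(key_handle)
        if last is not None and counter <= last:
            # A counter that did not grow means either a replayed assertion or a
            # second device holding the same key material and an older counter.
            return False
        self.last_counter[key_handle] = counter
        return True


@dataclass
class MonotonicAuthenticator:
    """Spec-style token: counter lives on the device and grows by one per signature."""
    counter: int = 0

    def sign(self, now: int) -> int:
        self.counter += 1          # `now` is ignored; the interface is shared with the other token
        return self.counter

    def clone(self) -> "MonotonicAuthenticator":
        # A backup/restore copies the secret *and* the counter value at that moment.
        return MonotonicAuthenticator(self.counter)


@dataclass
class TimestampAuthenticator:
    """Restore-friendly token: reports the Unix time of the signature as its counter."""

    def sign(self, now: int) -> int:
        return now

    def clone(self) -> "TimestampAuthenticator":
        return TimestampAuthenticator()   # nothing device-specific to copy


def first_flagged(devices: Dict[str, object],
                  schedule: List[Tuple[str, int]],
                  key_handle: str = "kh-demo") -> Optional[int]:
    """Replay a schedule of (device_label, unix_time) sign-ins against one RP.

    Returns the index of the first sign-in the RP rejects, or None if all pass.
    """
    rp = RelyingParty()
    for i, (label, now) in enumerate(schedule):
        counter = devices[label].sign(now)
        if not rp.accept_sign_in(key_handle, counter):
            return i
    return None


# Constructed schedule: the original token signs twice, then the restored copy is used.
SCHEDULE = [("original", 1_700_000_000),
            ("original", 1_700_000_060),
            ("restored", 1_700_000_120)]


def monotonic_clone_detected() -> Optional[int]:
    """Spec-style counter: the restored copy presents 1 after the server saw 2 -> flagged at index 2."""
    original = MonotonicAuthenticator()
    restored = original.clone()            # both start at counter 0
    return first_flagged({"original": original, "restored": restored}, SCHEDULE)


def timestamp_clone_undetected() -> Optional[int]:
    """Timestamp counter: every sign-in is later than the last, so the clone is never flagged."""
    original = TimestampAuthenticator()
    return first_flagged({"original": original, "restored": original.clone()}, SCHEDULE)


def timestamp_same_second_rejected() -> Optional[int]:
    """Side effect of the timestamp scheme: two sign-ins in the same second collide at a strict RP."""
    original = TimestampAuthenticator()
    same_second = [("original", 1_700_000_000), ("restored", 1_700_000_000)]
    return first_flagged({"original": original, "restored": original.clone()}, same_second)


if __name__ == "__main__":
    print("monotonic counter, clone flagged at sign-in:", monotonic_clone_detected())
    print("timestamp counter, clone flagged at sign-in:", timestamp_clone_undetected())
    print("timestamp counter, same-second collision at:", timestamp_same_second_rejected())
```

The third scenario is the practical caveat of the timestamp trick: a server that enforces strict increase will reject any second assertion produced within the same second, which is why such tokens only work smoothly against servers that, as the last reply notes, do not enforce consecutive counter values at all.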