Can I make multiple Nitrokey 3 devices identical?

Eric · October 13, 2022, 11:37am

Hello,

I’ve finally received my Nitrokey 3 A NFC keys. I was wondering if it is or will be possible to make keys identical. I presume I would have to generate a private key myself and reset the devices with that, but since I don’t know how FIDO2 exactly works, I want to know if it’s even possible.

I’m aware I can register multiple keys with services, but I won’t be carrying both keys with me when I’m registering them.

Kind regards,

Eric

robin-nitrokey · October 13, 2022, 3:18pm

For FIDO2, it is by design not possible to “clone” the device or to use the same device key on multiple devices. The recommended solution is the one you mentioned: registering multiple keys.

See also: Clone a Fido2 stick

Eric · October 14, 2022, 11:10am

@robin-nitrokey

Thank you for the swift reply. Of course I don’t mean to clone a device, but to initialize multiple devices with the same key.

I see that per spec the keys “should” be unique. I think the clone detection feature is a bit of a useless gimmick. The main advantage of unique keys is being able to remove a lost key from an account, while still having the other key attached, not having to reinitialize any duplicates. But that’s besides the point, since you have decided to follow the spec.

I don’t need to have duplicates per se. My problem is that I’m not carrying my backup key around, but need to add the backup to an account. Is there any mechanism to add a key to an account without having the key present?

Kind regards,

Eric

Edit: “without” having the key

robin-nitrokey · October 14, 2022, 11:32am

I don’t think this is possible to register a device without it being connected. If you have the infrastructure and are willing to set it up, you could use usbip to remotely connect the USB device over the network.

Eric · October 14, 2022, 2:07pm

@robin-nitrokey

Thank you for your suggestion, but that’s not really practical.

So do I understand correctly that for FIDO2 a unique key pair is generated on the Nitrokey for each registration?

I’ll manage, but it’s a shame no one seems to have thought this through for every day use by ordinary users.

szszszsz · October 18, 2022, 11:35am

Yes, the generated keys are unique each time. And the advantage is you can revoke each of them independently in case you lose it or break.
In fact it was thought about and explicitly decided against it, as cloning/backup would be a potential easy way for security breach. We could of course easily extend it with a cloning/backup operation on our own, but it would not be a FIDO2-conforming device then.
In the upcoming update to the FIDO2 spec there is some kind of key sharing, but I expect this will not arrive in the coming year at least.

Eric · October 19, 2022, 10:28am

Thank you for your reply.

I’m not sure what you are responding here to. I know that individual devices are supposed to be unique by default. My follow up was asking whether there are uniquely generated key pairs for registrations.
I understand you shouldn’t be able to extract (clone/backup) the hardware keys. I was asking about the possibility to install my own predefined private key to multiple devices and if that would even work for FIDO2. That this is outside of the spec was already discussed.
I’m very curious how that would work. Is there any draft yet?

szszszsz · October 19, 2022, 11:38am

Sorry, I misunderstood the question. Yes, each registration makes unique key.
Do you mean importing your own private key to use in registrations? While technically possible, this would remove the privacy guarantee given by key-per-domain schema. As you say, this is out of specification, and not supported.
Sadly I can’t find the article right now. I will post it once done so.

szszszsz · November 2, 2022, 9:35am

@Eric I think this is what I had in mind:

After a brief read, passkeys are built on FIDO2, and are still not transferrable, but using one you can authenticate yourself and create another on the new device. This can be done already with FIDO2, hence I presume this is mostly rebranding + UX / workflow change. I still need to look deeper into that myself, so please correct me if I am wrong. Citing the first link:

For example, a user visits site.example on their Chromebook. This user has previously logged into site.example on their iOS device and generated a passkey. On the Chromebook, the user chooses to sign in with a passkey from another device. The two devices will connect and the user will be prompted to approve the use of their passkey on the iOS device, e.g. with FaceID. After doing so, they are signed in on the Chromebook. Note that the passkey itself is not transferred to the Chromebook, so typically site.example will offer to create a new passkey there. That way, the phone is not required next time the user wants to sign in.

nku · November 2, 2022, 7:51pm

There are solutions that allow import of key material into special editions of trussed based tokens similar to Nitrokey 3.

The tokens need to be in an unlocked state and the firmware needs to support this.

That is also a design decision from a security point of view, as per specification the FIDO2 tokens must not be able to be cloned. I think Nitrokey focused on signed firmware and on-device non-clone-able secret material. It is also a matter of how to protect the secret bytes in a password manager as bip32 words, printout, picture, etc.

The above kickstart project also aimed on eliminating any concerns about the true randomness of the secret material. As soon as a FIDO2 key gets used, multiple token made from the same seed cannot be used in parallel, as internal counters and other configuration data evolves over the usage time.