Provided both Nitrokey PRO2 and HSM2 allow to keep a private key secure what prevents someone from creating a software authenticator using such a private key say via PKCS11 only for signature generation like in general U2F/FIDO2 devices?
It is known there are different software authenticators like Google authenticator which can work without hardware U2F/FIDO2 token, why not using a Nitrokey private key by them for better security?
The only problem can be creation of a chain of trust for a generated private key inside a Nitrokey.
In U2F/FIDO2 devices such key is generated once and signed by a manufacturer trusted certificate?
Can we sign our own key by some certificate authority to get described software authenticator working as expected by FIDO specification?
Another interesting issue/feature related to such authenticator could be ability to duplicate such authenticators (though it is not recommended by FIDO specifications)? We could just generate a master private key on the host PC and copy it to each Nitorkey PRO2/HSM2 used as an authenticator’s storage place for signature key.
If you know such software, please share a link to it.
May be https://github.com/LedgerHQ/ledger-u2f-javacard
can be an example of something similar, but it is not pure software and for some reason it needs an additional Java applet inside a cryptochip if I understand it correctly?
FIDO uses individual keys for each website. Assuming that you want to use the FIDO device for several accounts. Therefore your suggestion could only keep a master key secure but those individual keys would be outside of the device in cleartext. The security benefit is minimal. See specification for more details.
Does not a FIDO2 token keep newly generated key pairs (signed by its single internal non-exportable master key) outside of it too?
And if you refer to a token with a feature of resident keys, then private keys are still exportable via USB channel which can be sniffed, and then after exporting keys can be leaked the same way as not resident?
FIDO2 token and a smart card USB token look for me the same in terms having a single master non exportable private key by which they can sign other things like newly generated key pairs.
And I totaly do not understand why there are so many crypto currency devices trying to reinvent the wheel of secure hardware for stroring private keys.
Why they cannot have a USB slot to plug a Nitrokey PRO2/HSM2 into them to unlock their own key storage? Instead we see a continuous non stopping list of new security advisories for those pseudo security devices. It is rare when they use a real secure bank chip like NXP. And they sometime offer a FIDO2 feature too.
IMHO they need to run some embedded secure dedicated OS like Linux or OpenBSD to handle theirs services for crypto currencies and FIDO2, but still keep their master private key in an external true secure deivce like Nitrokey, Yubikey or a card reader with SC-HSM2.
Are newly generated keys’ encryption or even their generation handled by a software library like libfido2?
Does a hardware FIDO2 token (its firmware) pass such a raw NOT encrypted newly generated key through USB to/from a library like libfido2 or even client program using it? Does hardware FIDO2 token only signs such a raw new key?
And it is up to lib/soft whether and how to encrypt the key?