My understanding is Nitrokey (which uses the same codebase as Solokeys), generates a master which is then used to derive key pairs for each site. The key wrapping scheme (described here) uses a random number as the key-id which is used to generate the key pair dynamically. The public key along with the the random number is used for registration. Subsequently, the key-id is used to regenerate (derive) the key pair during authentication.
The question is - is the master key burnt into the nitrokey during manufacturing? The same documentation says it is generated during initialization. But the question is if the master key is retained after a reset?
I tried to pose the question in this thread, but didn’t reach a conclusion. I wasn’t sure after reading the code either. So one of my colleague suggested the test below. do you think this tests would provide conclusively?
- Start with a new nitrokey - Register with a site (This will generate a key-id that is included in the registration)
- Login using the key ( this should work. Standard process)
- Reset the key
- Try to login to the site without new registration. If you are able to login to the site, then we can conclude that the master key is retained beyond a factory reset. If you are not able to login, it means the keys generated from key-id is different which means the master key has changed. (possibly regenerated).