The FAQ says, that internal keys can be backupped (/regenerated) when it is done before the generation of Keys (technically probably setting a seed?). However, the FAQ then references a OpenPGP-specific section of the documentation. Does that mean that this is only possible for OpenPGP and not for others? (FIDO2, U2F …)? If so, FAQ should mention it
Can a Token (FIDO2 as well as U2F) be used for more than one account on the same domain? If so, will the server be able to know that both accounts belong to the same Token?
It seems this documentation page is a little confusing. Can you share the links to the one you have read?
- It is impossible to read private key secrets from the smart card by design.
- No user secrets are readable, including the ones used OTP and FIDO.
- It is possible to generate keys on PC in a secure environment (air-gapped PC), and then import these to the smart card.
- During the on-smartcard key generation GnuPG allows to backup some data for only one of the 3 private keys - the one used for encryption.
As for whether the FIDO2 token can be used with multiple accounts - yes, certainly. Webservice can try to fingerprint that by following the usage counter increments, however no user related data are sent.
By design webservices store the encrypted seed (generated on registering) needed for restoring the private key used for signing the FIDO request. On authentication the seed is decrypted, and used to regenerate the private keys, then the challenge from the webservice is signed and returned. This allows for infinite combinations of user-domain pairs.