You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Great project! I like the idea to have an open-source U2F token.
Question: Are the secret keys stored in the nRF52's cryptocell?
If I understand correctly, there are two types of secret key:
the attestation key. In general, it might be shared between a class of authenticator devices, and certified by the device maker; in this case it could not be a cryptocell key, since I suppose keys generated by the cryptocell cannot leave it.
the assertion keys, which are certified by the attestation key. These are generated by the authenticator, one for each relying party. So it makes sense for these to be generated by the cryptocell.
Grateful for comments (or corrections if I have misunderstood).
The text was updated successfully, but these errors were encountered:
Great project! I like the idea to have an open-source U2F token.
Question: Are the secret keys stored in the nRF52's cryptocell?
If I understand correctly, there are two types of secret key:
the attestation key. In general, it might be shared between a class of authenticator devices, and certified by the device maker; in this case it could not be a cryptocell key, since I suppose keys generated by the cryptocell cannot leave it.
the assertion keys, which are certified by the attestation key. These are generated by the authenticator, one for each relying party. So it makes sense for these to be generated by the cryptocell.
Grateful for comments (or corrections if I have misunderstood).
The text was updated successfully, but these errors were encountered: