This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Key wrapping
Key wrapping

Version management

Difference between version and

At line 1 added 38 lines
!!! Overview
[{$pagename}] constructions are a class of [Symmetric Key Cryptography] [encryption] [algorithms] designed to encapsulate ([encrypt]) [cryptographic] [Keying material]
[{$pagename}] [algorithms] are intended for [applications] such as protecting keys while in untrusted storage or transmitting keys over untrusted communications networks. The constructions are typically built from standard primitives such as [Block Ciphers] and [Cryptographic Hash Function Comparisons]
[{$pagename}] [algorithms] can be used in a similar application: to securely transport a session key by encrypting it under a long-term [Key Encrypting Key] .
!! [U2F] Key Wrapping
As described in the [U2F] [specification]: “[U2F] tokens might not store [Private Key] material, and instead might export a wrapped [Private Key] as part of the key handle” (from the implementation considerations document).
What does exporting a wrapped [Private Key] mean? Basically this (somewhat simplified):
When a U2F device is registered, an [Elliptic Curve] key-pair (using the [secp256r1] curve, as specified in the U2F standard) is generated on the device itself. The [Private Key] is then [encrypted] using a [device] master [secret], forming the key handle, which is then sent together with the [Public Key] to be stored on the RP ([WebAuthn Relying Party]) server. To [authenticate], the [WebAuthn Relying Party] sends a challenge together with the key handle, and the [U2F] device [decrypts|Decryption] the wrapped [Private Key] to be able to produce a valid [Digital Signature] for the challenge.
Generally, this is a sound approach, and is secure when done correctly. It does have its drawbacks, however. One is that it feels less secure, as even though the [Private Key] is [encrypted], it does leave the device. In practice as long as the [encryption] used for the [{$pagename}] is strong, this [SHOULD NOT] a problem. Another issue is that it introduces additional complexity to the [protocol], as we now have a new cryptographic primitive ([encryption]), with possible pitfalls.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Key_Wrap|Wikipedia:Key_Wrap|target='_blank'] - based on information obtained 2020-11-27
* [#2] - [Yubico’s Take on U2F Key Wrapping|https://www.yubico.com/blog/yubicos-u2f-key-wrapping/|target='_blank'] - based on information obtained 2020-11-27
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop