RESEARCH: Hardware Security Keys - glenw921/TripleCrypt GitHub Wiki

DEPRECATED: There is no way to create an inviolable gate with FIDO2 authentication without a server to ensure the step isn't skipped. Also, there is no API for browser-based JavaScript access to PIV or OpenPGP (it could be done with WASM, but that would violate TripleCrypt's code-transparency ethic).

YubiKeys and other hardware security keys are physical devices that generate One-Time Passwords (OTP) or use FIDO2/WebAuthn for authentication. YubiKeys can work offline for OTP generation or through WebAuthn for local authentication.

Compatibility: YubiKeys support WebAuthn and FIDO2, which can be integrated into PWAs.

Feasibility for TripleCrypt: Yes, TripleCrypt can use YubiKeys, especially through the WebAuthn API, as they support offline operations and can be used to authenticate the user before unlocking encrypted files.

How It Works: When using YubiKey in FIDO2/WebAuthn mode, the user plugs the YubiKey into their device, and the PWA uses the WebAuthn API to verify their identity. The YubiKey generates a unique keypair locally, which can be used to unlock the encryption key.

QUESTIONS:

(1) Suppose a user has used a FIDO2 hardware security key to encrypt their secrets with TripleCrypt on host device "A". How would they use that key to decrypt their secrets on TripleCrypt host device "B", such as when needing to access a backup file because "A" is lost/broken? [A: The document is encrypted with a "Symmetric Encryption Key" (SEK). The SEK is then itself encrypted on/by the FIDO2 device. The encrypted SEK (eSEK) is then stored alongside the encrypted document in a file containing both. This file is what is accessed on device "B" in conjunction with the FIDO2 device to decrypt the document. The eSEK could be made more secure by scrambling or adding chaff to it.]

(2) Which brand of FIDO2 keys are highest security? [A: Yubico, Google Titan, Feitian MultiPass K13, and SoloKeys are top brands.]

(3) Is it safe to buy FIDO2 keys on Amazon, or is it best to go directly to the manufacturer? [A: Amazon is OK, but check that the reseller is an official/authorized dealer and check the security seals on the packaging. There have been cases of tampering.]

(4) How are encryption keys managed with a FIDO2 device? [A: A public/private key pair is generated by the device. The private key is ALWAYS kept safe inside the device. The public key is sent from the device for encryption by client software, and is not stored on the hardware key. Therefore, if the public key is to be reused for future encryption, it must be stored by the client software or in an associated data store.]

================== ADDITIONAL DIALOG WITH orion1 ====================

I ASKED: Can FIDO2 keys be duplicated? Suppose I always carry my FIDO2 key with me, but then lose it. It would be nice to have a backup key at home.

o1 ANSWERED: FIDO2 keys cannot be duplicated in the traditional sense (like copying a physical key), because they are designed to generate and store unique cryptographic credentials per service (e.g., website or application) on each key. However, you can prepare a backup key for situations like losing or damaging your primary key.

Here’s how it works:

How to Set Up a Backup FIDO2 Key:

Register Multiple Keys: Many services that support FIDO2 allow you to register more than one security key per account. You can register both your primary key and a backup key at the same time. This way, each key will generate its own unique credential for that service.

Use Both Keys Interchangeably: After both keys are registered, you can use either of them to authenticate. This way, if you lose your primary key, your backup key will still work.

Why Duplicating FIDO2 Keys is Not Possible:

Unique Cryptographic Pairing: FIDO2 works by creating a unique key pair (private and public keys) per service. The private key stays securely on the hardware key and never leaves it. Since this private key is non-exportable and non-copyable, you can’t clone or duplicate a FIDO2 key.

Security by Design: This inability to duplicate or clone the key is a security feature. It ensures that even if someone had access to your FIDO2 key physically, they wouldn’t be able to create a copy of it.

What to Do If You Lose a FIDO2 Key:

Backup Key: If you have registered a backup key, you can simply use that for logging in.

Recovery Options: Services that use FIDO2 often have fallback methods for recovering access, like:

Backup Codes: Many websites provide one-time-use backup codes when you first set up FIDO2 keys, which can be used in emergencies.

Other 2FA Methods: Some services allow you to fall back on other two-factor methods (e.g., SMS, OTP apps like Google Authenticator).

Tips for Backup Key Management:

Store the Backup Key in a Safe Place: Keep your backup key at home or in a secure location, such as a safe, to reduce the risk of losing both keys simultaneously.

Label the Keys: If you have multiple keys (e.g., one for daily use and one as a backup), labeling them helps you distinguish between the two easily.

Register Keys on All Accounts: If you use FIDO2 keys for multiple accounts or services, ensure that your backup key is registered across all those accounts.

Best Practice: Always register at least two FIDO2 keys with any service that supports them. This way, you have a backup ready, and you won’t lose access to your accounts if your primary key is lost or damaged.

I ASKED: Suppose I have a PWA named "TripleCrypt" which is installed from an HTTPS secure context, but then only ever runs offline to ensure no spyware can communicate the secret contents from TripleCrypt. TripleCrypt is used to store highly sensitive information, such as passwords and recovery keys. Users can enter their secret information, then encrypt it. They will need multiple factors to decrypt the text - such as PIN, password, and FIDO2 key.

Now, suppose a user has encrypted a file named "MySecrets.tc3" on host device "A" (an iPhone) using a YubiKey and TripleCrypt, then moved a copy of MySecrets.tc3 to host device "B" (a Windows PC). If the user wants to decrypt MySecrets.tc3 on device "B", do they need anything other than their physical FIDO2 key and the TripleCrypt PWA?

o1 ANSWERED: To decrypt the file MySecrets.tc3 on device B (a Windows PC) using the TripleCrypt PWA, the user will need more than just their physical FIDO2 key and the TripleCrypt PWA. Here’s a detailed breakdown of what’s required:

  1. Physical FIDO2 Key: The FIDO2 key used during encryption will be necessary for the decryption process on the new device (B). However, FIDO2 authentication relies on more than just having the physical key.

  2. TripleCrypt PWA: The TripleCrypt PWA must be installed on device B, in the same way as it was on device A. The PWA will handle the decryption process using the user’s factors (PIN, password, FIDO2 key). The PWA also ensures that the decryption process is conducted locally (offline), ensuring no external communication.

  3. Multiple Factors: Since TripleCrypt uses multi-factor authentication (MFA), other factors besides the FIDO2 key will also be required. These factors could include:

PIN: The user will need the same PIN they used during the encryption on device A.

Password: If a password was part of the multi-factor setup, the user will need to enter that as well.

Without the correct combination of all the factors (FIDO2 key, PIN, password), the decryption process will not succeed, even if the file is moved between devices.

  1. Access to the Cryptographic Material on the FIDO2 Key: When the file was encrypted on device A, the FIDO2 key was likely used to generate a cryptographic key pair (a public and private key) specific to the file or the encryption process. The private key portion of that pair never leaves the FIDO2 key and is essential for decrypting the file. If the same FIDO2 key is plugged into device B, the PWA on that device can access the private key from the FIDO2 key during the decryption process.

  2. Browser Compatibility: To support FIDO2 operations, the browser on device B must be compatible with WebAuthn (the API used for FIDO2 authentication). Most modern browsers (Chrome, Firefox, Edge) support this, so as long as the user is using a compatible browser, the TripleCrypt PWA should be able to access the FIDO2 key and request authentication.

Additional Notes:

No Internet Connection Needed: Since TripleCrypt runs offline, the decryption process will occur locally on device B, and there is no need for an active internet connection to verify credentials. The FIDO2 authentication also happens locally when the key is plugged in.

No Need to Re-Register the FIDO2 Key: Assuming the PWA on device B can access the FIDO2 key, the user will not need to re-register the key or go through any online authentication steps, since everything is being handled offline.

In Summary: To decrypt MySecrets.tc3 on device B (the Windows PC), the user will need:

The physical FIDO2 key used during encryption.
The TripleCrypt PWA installed and running on device B.
The PIN and/or password used as additional authentication factors.
A compatible browser on device B that supports FIDO2 and WebAuthn for offline use.

With these in place, the user will be able to decrypt the file securely on device B.

I ASKED: Great! And, just to clarify: (1) the private key of the public/private pair used to encrypt MySecrets.tc3 remains in the FIDO2/YubiKey, and (2) the public key of the public/private pair is not required to decrypt MySecrets.tc3. So, even though keys were generated while encrypting MySecrets.tc3 on "A", there is no need to do anything more than move the YubiKey to device B for its use in the decryption process, correct?

o1 ANSWERED: Let’s break this down and clarify your questions, step by step:

(1) Does the private key used to encrypt MySecrets.tc3 remain in the FIDO2/YubiKey? Yes, you're correct. The private key of the public/private key pair generated by the FIDO2 key (e.g., YubiKey) always stays within the key. This private key never leaves the hardware device, ensuring its security. When you use the FIDO2 key to authenticate or sign data (like for encryption or decryption), the private key performs cryptographic operations within the YubiKey.

In the case of encrypting MySecrets.tc3 on device A, the private key would have been used in the encryption process, but it remained securely within the FIDO2 key.

(2) Is the public key required to decrypt MySecrets.tc3? No, the public key itself is not directly required for decryption. The public key is typically used for verifying signatures or encrypting data, while the private key is required to decrypt or perform the cryptographic operations.

Since the private key is in the FIDO2 key (YubiKey), the decryption process will involve the YubiKey unlocking or participating in the decryption with that private key. The public key would have been used earlier, likely during the encryption or for verification, but once the file is encrypted, the decryption step requires only the private key, which the FIDO2 key holds.

Conclusion: Yes, you are correct:

Private key stays securely in the FIDO2/YubiKey.
The public key is not needed for the decryption process.
When moving from device A (iPhone) to device B (Windows PC), as long as you have the FIDO2 key (YubiKey) with the private key stored inside, and the other required factors (PIN, password), there’s nothing else you need to move or transfer for decryption. You simply need to insert the FIDO2 key into device B, and TripleCrypt can access it for decryption.

This way, the user can securely decrypt MySecrets.tc3 on device B just by having the FIDO2 key (and the other authentication factors), without needing to do anything additional like transferring or regenerating keys.

I ASKED: Perfect! Now, suppose the user decrypts and updates the content of MySecrets.tc3 on device B. Can it be re-encrypted on device B using the YubiKey with its current content, or would a new public/private key pair need to be created?

o1 ANSWERED: Excellent question! Let’s go step-by-step:

Can MySecrets.tc3 be re-encrypted on device B using the same YubiKey with its current content, or does a new public/private key pair need to be created? The short answer is: Yes, you can re-encrypt MySecrets.tc3 on device B using the same YubiKey without creating a new public/private key pair, provided the encryption logic is designed to reuse the existing key pair.

Here's the reasoning:

Key Reuse in Encryption:

When encrypting and decrypting data with a YubiKey (or any FIDO2 hardware key), the private key stored within the YubiKey can be reused for multiple operations. There’s no inherent requirement to generate a new key pair each time you encrypt or decrypt data. As long as the FIDO2 key is registered and accessible, and your PWA (TripleCrypt) allows it, you can reuse the same private key for re-encrypting the updated MySecrets.tc3 file on device B.

Encryption Process on Device B:

If the user updates the content of MySecrets.tc3 on device B, the PWA can use the same private key from the YubiKey to re-encrypt the file. Since the FIDO2 key is already registered for the user’s account and was previously used to encrypt MySecrets.tc3, the private key can be accessed again to perform encryption without creating a new key pair.

Key Pair Longevity:

In many encryption schemes, long-lived key pairs are common, meaning that a single public/private key pair can be used for multiple encryption/decryption cycles. The private key stored in the FIDO2/YubiKey can remain valid for as long as the user chooses to use it. There’s typically no security requirement to regenerate a new public/private key pair unless the user specifically wants to reset or revoke the existing one (e.g., if the key was compromised).

When Would You Need to Generate a New Key Pair? A new public/private key pair would only need to be created under specific conditions:

If the user wants to rotate or update their cryptographic keys for security reasons (e.g., key expiration or compromise).
If the FIDO2 key itself was replaced or reset, requiring the setup of a new key pair.

Summary: Re-encryption on device B using the YubiKey’s existing private key is possible and normal. No new key pair is required unless specifically desired. As long as the same YubiKey is used and the private key remains stored securely within it, the user can perform encryption and decryption across multiple devices, like moving from device A to B.

I ASKED: Going back to the original encryption of MySecrets.tc3 on device A, what happened to the public key? Does it remain on device A? Is it held on the YubiKey? Is it in a file that can be moved to device B? Help me understand.

o1 ANSWERED: Great question! To understand what happens to the public key during the encryption of MySecrets.tc3 on device A, let's break it down step by step.

What Happens to the Public Key During Encryption? When you encrypt MySecrets.tc3 on device A using a YubiKey, the public/private key pair generated by the YubiKey plays a critical role in the encryption process:

Private Key: This is securely stored on the YubiKey itself and never leaves the device. The private key is used to sign and decrypt data, but it is not exposed to any other system.

Public Key: This key is exposed and is used for encryption or verification operations. Once generated, the public key can be shared freely because it’s not sensitive by itself (i.e., knowing the public key alone cannot decrypt or compromise the data).

Where Is the Public Key Stored? The public key typically ends up in one of the following places during the encryption process, depending on how the PWA (TripleCrypt) and FIDO2 authentication are implemented:

On Device A (in the PWA or Application):

Most likely, the public key is stored on device A, possibly within the TripleCrypt PWA itself. This allows the PWA to use the public key to encrypt data (i.e., MySecrets.tc3) and associate it with the private key stored in the YubiKey. The public key might be stored in a local database, configuration file, or encrypted storage on the device.

Linked to the Encrypted File (MySecrets.tc3):

It’s also possible that the public key is embedded within the encrypted file itself, either directly or in some metadata associated with the file. This way, when MySecrets.tc3 is moved to device B, the public key can be retrieved and used for verification purposes or re-encryption, while the decryption relies on the private key stored in the YubiKey. This is a common practice in public/private key cryptography, where files or data carry the public key so that they can later be re-encrypted or verified.

It Could Be Recovered by Device B:

Since the public key can be freely shared without security risks, the TripleCrypt PWA on device B could theoretically fetch the public key from device A or retrieve it from the file if it’s included in MySecrets.tc3. In some systems, the public key is part of a user profile or account that can be transferred or synced across devices if needed.

Stored Locally in YubiKey (Unlikely):

Some hardware security keys, including certain configurations of YubiKey, can store public keys. However, in the standard FIDO2 usage, public keys are not stored on the YubiKey itself. Instead, they are stored either on the device (e.g., in the PWA) or in the encrypted data (e.g., MySecrets.tc3). The YubiKey itself is focused on private key management, leaving the public key management to the application or device.

So, to answer your specific questions:

Does the public key remain on device A?

Yes, typically the public key is either stored on device A (within the PWA) or embedded in the encrypted file (MySecrets.tc3). This allows the encryption process to continue working when moving to device B.

Is it held on the YubiKey?

No, the public key is generally not stored on the YubiKey. The YubiKey stores the private key for security purposes but doesn’t hold the public key, which can be safely stored outside the YubiKey (e.g., on the device or in the file).

Is the public key in a file that can be moved to device B?

Possibly, yes. The public key could be embedded in the metadata of MySecrets.tc3, allowing device B to access it when needed. This would make it portable, as you suggested. If the PWA requires the public key for certain operations (like re-encryption or verification), it can retrieve it from the file.

Summary:

The public key is used for encrypting the file and could be stored:
On device A (in the PWA).
Inside the encrypted file (MySecrets.tc3).
The public key is not sensitive and can be transferred or embedded in files. It’s not stored on the YubiKey, which is focused on keeping the private key secure. When moving the file to device B, you don’t need to worry about explicitly moving the public key unless the system requires you to (and in many cases, the public key will be inside the file or retrievable by the PWA on the new device).