Skip to content

Using cryptocell #9

Description

@markdermotryan

Great project! I like the idea to have an open-source U2F token.
Question: Are the secret keys stored in the nRF52's cryptocell?

If I understand correctly, there are two types of secret key:

  • the attestation key. In general, it might be shared between a class of authenticator devices, and certified by the device maker; in this case it could not be a cryptocell key, since I suppose keys generated by the cryptocell cannot leave it.

  • the assertion keys, which are certified by the attestation key. These are generated by the authenticator, one for each relying party. So it makes sense for these to be generated by the cryptocell.

Grateful for comments (or corrections if I have misunderstood).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions