2

I've been looking for a device, smartcard or USB that does two things:

  • provide storage to a private digital signature key (used with in a standard x509 certificate) for signing documents

  • provide U2F credentials for authentication with web applications.

  • optional: NFC or a way to use it from mobile device

I've found only one vague reference that a yubikey could do both (but it's not fips140-2 certified). Why are the other players in the field not developing devices with both functionalities? Gemalto, nitrokey, etc.

Is there some fundamental incompatibility with "old" PKI smartcards and U2F ? Both do similar operations at their core.

marianov
  • 121
  • 2

1 Answers1

4

The Yubikey Neo can do all three things you need. The standard Yubikey (non NFC) is, according to the website, in the process of beeing FIPS 140-2 certified.

An overview of certified U2F tokens can be found on the fidoalliance website

Generally speaking, U2F is a rather new standard, and the mainstream crypto token producers like Gemalto or SafeNet haven't quite jumped on that train yet. Technically, there is nothing that prevents a token from living in the PKCS#11 and U2F world at the same time.

mat
  • 1,243
  • 7
  • 14
  • Correct. Im using the Yubikey 4 with Smart Card (PIV) With PKCS11 interface and the U2F features. – Peter Jul 18 '17 at 14:54