Recently I acquired a FIDO security key that allows me to use the U2F protocol on some of my accounts. Now I know that these keys use public/private keys for the specified account, but I'm stuck on the logic of one part. How does the FIDO key know what account to extract the keys for?

Example: When I'm signing into my GitHub account and I click the button on my key, how does it know that it needs my keys for GitHub?

Omne
NerdOfCode
  • Why do you think that it needs to know that it is connected to a certain account? – schroeder Jan 15 '18 at 23:26
  • From their FAQ on their main page: There is no practical limit to the U2F secured services the Security Key can be associated with. During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the Security Key. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the Security Key. – schroeder Jan 15 '18 at 23:27
  • I think that is more of an answer! – NerdOfCode Jan 15 '18 at 23:32
  • We expect that people have done at least a little research before posting. This was on their FAQ on their main page. It took me less than a minute to find and post (time between first comment and the second). I'm going to close this as "lack of research effort". – schroeder Jan 15 '18 at 23:34
  • Well... You didn’t even my question, I was just stating that wasn’t a comment... I’d expect the people that post answers to actually read the comments... – NerdOfCode Jan 16 '18 at 00:03
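
The flow described in the FAQ quoted in the comments, as an added example that is not part of the original thread and not the vendor's code: the token keeps one device secret, hands the wrapped private key to the service as a "key handle", and gets it back at sign-in. Assumptions: the class and function names are hypothetical, random bytes stand in for a P-256 private key, a SHA-256 fingerprint stands in for the public key, and the HMAC-based wrapping is a simplified stand-in for the device's real cipher.

```python
import hashlib
import hmac
import os

def fingerprint(private_key):
    # Stand-in for the public key the relying party would store.
    return hashlib.sha256(private_key).digest()

class ToySecurityKey:
    """Simplified model of a token that stores no per-account keys."""

    def __init__(self):
        # The only secret kept on the device; it never leaves it.
        self._device_secret = os.urandom(32)

    def _wrapping_keys(self, app_id, nonce):
        # Bind the wrapping keys to this device AND to the service's app ID.
        app_param = hashlib.sha256(app_id).digest()
        base = hmac.new(self._device_secret, app_param + nonce, hashlib.sha256).digest()
        enc_key = hmac.new(base, b"enc", hashlib.sha256).digest()
        mac_key = hmac.new(base, b"mac", hashlib.sha256).digest()
        return enc_key, mac_key

    def register(self, app_id):
        """Create a key for one service; return (key_handle, public stand-in)."""
        private_key = os.urandom(32)  # stand-in for a P-256 private scalar
        nonce = os.urandom(16)        # fresh per registration
        enc_key, mac_key = self._wrapping_keys(app_id, nonce)
        ciphertext = bytes(a ^ b for a, b in zip(private_key, enc_key))
        tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        # The service stores the handle; the device forgets the private key.
        return nonce + ciphertext + tag, fingerprint(private_key)

    def unwrap(self, app_id, key_handle):
        """At sign-in the service sends the handle back; recover the key or None."""
        if len(key_handle) != 16 + 32 + 32:
            return None
        nonce, ciphertext, tag = key_handle[:16], key_handle[16:48], key_handle[48:]
        enc_key, mac_key = self._wrapping_keys(app_id, nonce)
        expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong service, wrong device, or tampered handle
        return bytes(a ^ b for a, b in zip(ciphertext, enc_key))

if __name__ == "__main__":
    token = ToySecurityKey()
    app_id = b"https://github.com"  # constructed sample app ID
    handle, public = token.register(app_id)
    print("same key recovered:", fingerprint(token.unwrap(app_id, handle)) == public)
    print("other site rejected:", token.unwrap(b"https://example.com", handle) is None)
```

The token never looks up an account: the handle presented by the service, checked against that service's app ID, is what selects the key.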

0 Answers