The YubiKey NEO--Smartcard features

Smartcard features on the YubiKey NEO

Yubikeys is a line of small and low-cost hardware security tokens popular for their one-time password (OTP) functionality .

While the basic YubiKey model was limited to generating OTPs when plugged into a USB port,

The more expensive NEO model adds contactless NFC support for OTP

And it can be configured as a Smartcard-which opens up the possibility of several other use cases.

When we first looked at the NEO in April, the smartcard functionality is in a temperamental state.

Fortunately, things has matured quite a bit since then which significantly increases the YubiKey NEO ' s value as a Securi Ty tool.

To recap, both the regular YubiKey and the NEO include the virtual configuration "slots"

That can is set up independently.

Each slot can is loaded with a secret credential that the device would use to generate a security code in response

to a button press (one slot was bound to a short tap, and the other to a longer press-and-hold).

The YubiKey presents itself as a standard USB Human Interface Device (HID) keyboard,

So there is no drivers required on any platform:

One plugs it in and it works.

In this basic mode, each slot can is set up to send

A static password,

An Open authentication (OATH)-compatible hash-based message Authentication Code (HMAC)-based one-time Password (HOTP),

A password for Yubico ' s own OTP service, or

An HMAC-SHA1 challenge-response code.

But the set of options is a bit of a limitation.

HOTP is not a widely deployed, at least no in comparison to the other OATH standard, time-based one-time passwords (TOTP).

The YubiKey cannot compute TOTP passwords internally, because doing so requires a realtime clock.

A YubiKey can generate a TOTP password when used in conjunction with a software program running on the computer

That the YubiKey was plugged into (using the HMAC-SHA1 challenge-response mode);

Yubico provides both a desktop Qt application and an Android app for this purpose.

This was a useful feature, since so many services use TOTP, but the YubiKey was still limited to storing-credentials.

Software-based competitors, like the Google Authenticator app for Android, can store any number of credentials.

It's where the smartcard features can make up some of the difference.

The NEO includes a Common criteria–certified Javacard secure element, which can be loaded with several Javacard applets. One of the applets developed by Yubico are an OATH implementation so can store multiple TOTP credentials, essentially all Owing the neo to serve as a Google Authenticator substitute-at least, a substitute on any device that the NEO can be Conne CTED to (which, of course, does don't include every Android device on the market).

Smarts and Cards

Back in April, however, the tools required to get the Javacard applets running on the NEO

Were in a bit of a rough state and the relevant information was limited

To whatever one could find by scouring the forums.

To is fair, of course, anyone without prior experience in the world of configuring

and using Javacard hardware would face a difficult learning curve when tackling the task,

But the YubiKey software was spotty and the documentation sparse.

For example, it relied on a external tool to manage and upload applets to the Javacard element-

One, suffered from incompatibilities with modern Linux systems.

Subsequently, though, Yubico wrote its own command-line program for interfacing with the NEO ' s javacard element,

Developed a qt-based graphical tool for configuring the NEO ' s mode and applet settings,

And put a considerable amount of work into developing a suite of applets.

A handful of these applets come with the NEO firmware, which spares new users the pain of compiling

and installing the applets altogether. But, if users so choose, they can still update the applets manually.

All of Yubico ' s client software are available from the Yubico site,

Although most of it are also now packaged by mainstream Linux distributions.

Running:

    Ykneomgr-a

Would return the applets currently installed on a attached NEO, listed by their Javacard application Identifiers (AID). For example:

    0:a000000527200101    1:d2760000850101    2:d2760001240102000000000000010000    3:a000000308000010000100    4:a000000527210101

Determining which applets correspond to the AIDs, though, requires some searching, as there are no official list.

In this instance, there is a forum thread, the sheds some light.

In order, these applets is

The basic NEO OTP functionality,

The NFC data-exchange functionality,

An OpenPGP applet,

A Personal Identity verification (PIV) applet,

and the HOTP/TOTP OATH applet.

A New applet can be installed with

ykneomgr-i

and an existing applets deleted with

ykneomgr-d.

The basic OTP and NFC applets should not be deleted;

They implement the core functionality of the device and (at least as of today), source code is not available for them.

Source is provided only for the OATH applet and OpenPGP applet

(the latter of which is a slightly modified version of Joeri de Ruiter ' s gplv2+ licensed Javacard OpenPGP applet).

The Javacard element can be protected with a PIN code to prevent unauthorized users from removing or replacing applets;

It is the clearly a good idea-to-enable this protection, lest some attacker replace the applet on one ' s YubiKey.

Time for TOTP

The OATH applet is, for many users, the key piece of javacard functionality,

Because it effectively removes the Two-slot credential limitation

(How many HOTP/TOTP secrets it can hold varies, depending on their size, but the number is quite large)

and is compatible with the majority of Two-factor authentication options in widespread usage.

To use it, the NEO must first being placed into the proper mode (by default, the Javacard functionality was switched off, for Wider compatibility).

The graphical neoman application sports a selector for toggling OTP mode and Javacard mode (labeled CCID) indepen dently.

The other half of the OATH applets is the Client-side yubioath application.

The desktop version is python-based; Instructions and dependencies is listed on the Application Web page,

Though the instructions for launching it is incorrect.

With the ccid-enabled NEO plugged to a USB port, the user can launch the OATH client application with

    Python./ui_systray.py &

This spawns a system-tray/taskbar application; Right-clicking on its icon, one can open the main window,

Which shows a list of the configured OATH accounts, the current codes for each account,

And a timer indicating how long the TOTP codes has before they expire and a new code regenerated.

In the Android Yubioath app, one can swipe the NEO past the device NFC sensor

And see the TOTP codes generated.

The user experience is more or less identical to that of mobile apps like Google Authenticator

(In fact, the Android version of Yubico ' s client software even mimics the Google Authenticator icon).

But there is a few differences.

The important distinction is and the desktop OATH application has no access

Cameras attached to the system (nor other image-input methods);

It can therefore not being used to the load any HOTP/TOTP secrets that is only presented as QR codes.

In my tests, only about half of the Two-factor authentication services

I configured displayed a text version of the HOTP/TOTP secret credential in addition to the QR code version.

The good news is that, because HOTP/TOTP credentials was stored on the NEO,

The NEO can is set up with the Yubico Authenticator app on an Android device,

And it'll subsequently work on the desktop software, too.

Those without an Android device, the Yubico desktop software won't work

With a qr-code–only configuration process.

PGP and other applets options

After the OATH applets, the most popular javacard applets for the NEO seems to be the OpenPGP applet.

Support for smartcard configuration and usage are built in to GnuPG,

And the NEO ' s OpenPGP applet works without too much trouble.

With the NEO plugged in, all configuration is done through the GnuPG command-line tools.

Typing Gpg–card-edit Opens the connection to the card;

The Admin command enters configuration mode,

generategenerates a key pair, and so forth.

Earlier versions of the applet could only generate a new key pair

On the card itself (and could not import an existing key),

But this have been fixed in subsequent releases.

The one limitation to being aware of with the OpenPGP applets is

That the hardware have limits on the size and types of key it can store.

It supports maximum key sizes of 2048 bits for RSA keys

and the bits for Elliptic Curve cryptography (ECC) keys (of the Finite-field, ECC-OVER-GF (p) variety),

Due to the limitations of the cryptographic coprocessor on the NXP a700x Security microcontroller chip.

There is several key types allowed, but all must be explicitly supported-in fact,

GnuPG ' s ECC support is only added in the GnuPG 2.1 Development Branch,

and is regarded as unstable.

Yubico ' s Klas lindfors told forum members that the company have been experimenting with other elliptical curve keys,

Although at the moment it does does feel that GnuPG 2.1 have stabilized enough to roll out of support.

For those interested in exploring the OpenPGP functionality in detail,

Yubico's Simon Josefsson have written a detailed account of how the NEO's OpenPGP applet can be used-

Including quite a few less-than-common options like embedding a JPEG photo into the key.

The PIV applet implements a US national Institute of Standards and Technology (NIST) identity standard CALLEDSP 800-73-3.

This was a FIPS specification that stores a secret key on the device, which was then usable to encrypt or sign messages.

In practice, this was far less likely to be of practical value than the OpenPGP applet

For those who does not have the to work with US government–mandated fips-compliant systems.

But other applets is certainly possible, and there appear to being users on the discussion forum

Who has undertaken development of their own applets-including, for example, a Bitcoin wallet applet.

Yubico also seems to being working on other possibilities;

It has evidently developed a yet-to-be-released Bitcoin applets of its own

(which have been alluded to on the forums and are evident in the company's GitHub repository).

U2F and more

One final tidbit of trivia concerns Yubico ' s support for the

Universal 2nd Factor (u2f) two-factor authentication standard.

The standard was published by the FIDO Alliance, a industry group to which Yubico belongs.

Back when the first public drafts began to appear in early 2014,

Yubico announced its intention-support u2f in the YubiKey product line,

Although exactly how it would does so remained unclear.

The company have now released and separate u2f-capable products.

One is a u2f-only token called the FIDO Security Key.

The other, however, was a refresh of the NEO that adds u2f functionality alongside the OTP and smartcard functions.

Those NEOs shipped from Yubico after October 1 support U2F,

Since it is implemented as a firmware-level feature.

Older NEOs cannot be field-upgraded to support u2f

Because all YubiKey models-by Design-cannot is reflashed with new firmware.

Since the product name was unchanged and there are no easy-to-tell-one NEO from another on the outside,

This refresh spawned a fair amount of confusion among YubiKey customers.

Some of them, in fact, took-the company-to-task for advertising, the NEO is certified for u2f

But neither clearly stating this some NEOs would remain incompatible, nor offering purchasers any upgrade path.

On the other hand, it does seem like implementing u2f support in a javacard applets would be possible.

The idea had been floated multiple times on the forums, so far with no response either the "from the company".

Then again, NEO owners ' frustration with the u2f feature

May simply motivate some third-party developers-undertake the task on their own.

As always, it's difficult to form a objective conclusion about the value proposition that the YubiKey NEO provides.

The NEO remains quite a bit more expensive than the other YubiKey models ($ compared to $),

But with working smartcard functionality, it does quite a bit more.

The OATH applet support removes the Two-slot configuration limit,

Which is a big deal to many customers.

The case for the OpenPGP and PIV applets are harder to make.

There is many other smartcard options on the market,

The most of which is cheaper than the NEO and many of which do not come with the same key-size limitations.

When it comes-getting the most value out of a piece of hardware, though,

The addition of OpenPGP functionality in such a compact and portable format is appealing, indeed.

The software side of the product remains muddled in several key places:

Out-of-date or incorrect documentation,

Numerous inconsistencies (even on simple matters like program names),

And very little in the "the".

The company does seem to being committed to free software,

Though-its releases tend to be GPLv3 unless they is derived from other works-

So perhaps it would simply require some additional engagement with the community

The simple user experience of the basic YubiKey viable for it more complex features as well.

The YubiKey NEO--Smartcard features