https://www.imperialviolet.org/2017/08/ ... ykeys.html

Security Keys are (generally) USB-connected hardware fobs that are capable of key generation and oracle signing. Websites can “enroll” a security key by asking it to generate a public key bound to an “appId” (which is limited by the browser based on the site's origin). Later, when a user wants to log in, the website can send a challenge to the security key, which signs it to prove possession of the corresponding private key. By having a physical button, which must be pressed to enroll or sign, operations can't happen without user involvement. By having the security keys encrypt state and hand it to the website to store, they can be stateless(*) and robust.
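The enroll and sign flow with a stateless key handle, as described in the quoted passage, sketched as an added example that is not part of the original thread or of any real security key's firmware. It assumes Ed25519 and AES-256-GCM from Go's standard library as stand-ins for a real token's algorithms and leaves out the button press; `Token`, `Enroll` and `Sign` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Token models a stateless security key: master is the only secret it keeps.
type Token struct{ master [32]byte }

func (t *Token) aead() cipher.AEAD {
	block, _ := aes.NewCipher(t.master[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Enroll makes a fresh key pair and returns the public key plus a key handle:
// the private seed encrypted under master, with appID bound as associated data.
func (t *Token) Enroll(appID string) (ed25519.PublicKey, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return pub, t.aead().Seal(nonce, nonce, priv.Seed(), []byte(appID))
}

// Sign decrypts the handle the site sent back and signs the challenge.
// A handle from another token, or enrolled for another appID, fails to decrypt.
func (t *Token) Sign(appID string, handle, challenge []byte) ([]byte, error) {
	if len(handle) != 12+ed25519.SeedSize+16 { // nonce + seed + GCM tag
		return nil, errors.New("malformed key handle")
	}
	seed, err := t.aead().Open(nil, handle[:12], handle[12:], []byte(appID))
	if err != nil {
		return nil, errors.New("key handle not valid for this token and appId")
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), challenge), nil
}

func main() {
	tok := &Token{master: sha256.Sum256([]byte("constructed demo secret"))}
	pub, kh := tok.Enroll("https://example.com")
	sig, err := tok.Sign("https://example.com", kh, []byte("constructed challenge"))
	fmt.Println(err == nil && ed25519.Verify(pub, []byte("constructed challenge"), sig))
}
```

The site stores only the public key and the key handle; the token needs nothing but its master secret to sign again later.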
I've tried the Yubikey Nano and found it to be quite programmable and full-featured on Linux. I can't testify to its usefulness on other platforms.
I also wrote this kernel module for it back in the day:
Permakey is a Linux kernel module that watches until a defined USB device is removed from your computer and then wipes your RAM, deletes selected files, and turns off your computer.