YubiKey: A Quick Explanation of Everything It Does
If you are reading this it is likely that you have already heard of Yubico’s YubiKey.
You might have come across it after announcements from Google, GitHub and others declaring that they now support a stronger second factor authentication option called FIDO Universal 2nd Factor or U2F. Great! You know you want better security, especially better security that is easy to use!
So, you dug a little deeper…
The YubiKey is a small, rugged, nearly indestructible keychain sized USB device that is able to securely store secrets and perform a number of cryptographic operations on behalf of the user. These cryptographic operations serve as the foundation of the advertised features of the YubiKey which I would categorize into two general buckets:
- Multi-factor authentication (MFA) features: specifically Universal 2nd Factor (U2F), OATH TOTP and HOTP, and Yubico OTP, and
- Smartcard features: specifically OpenPGP and PIV/X.509 based encryption and signing.
In this post, I will distill the many things I’ve learned while trying to grok the YubiKey, its related security features, and its common use-cases.
As mentioned, the YubiKey is a small, lightweight USB device. As of this writing (August 2016), there are currently 3 generations being sold:
- YubiKey 4
- YubiKey NEO
- FIDO U2F Security Key
The YubiKey 4 comes in two form-factors.
One form-factor is a keychain fob sized device with dimensions 18mm x 45mm x 3mm (approx. 0.7in x 1.8in x 0.1in). It can live on your keychain or in a desk drawer. It is pictured above.
The other form-factor is smaller at 12mm x 13mm x 3mm (approx. 0.5in x 0.5in x 0.1in) and is intended to semi-permanently reside inside of a USB port on your computer. This is useful if you intend to use the YubiKey a lot and would rather not have to plug it in multiple times a day. The downside though is that it monopolizes an entire USB port, which on MacBooks are at a premium.
The two form-factors have exactly the same features and capabilities.
The YubiKey 4 feature-wise is a superset of the YubiKey NEO, specifically more encryption and more storage but with two notable exceptions:
(1) the NEO supports communicating via NFC in addition to USB which allows it to communicate with NFC enabled Android phones. This is a very compelling feature if you want to bring your YubiKey MFA protections to services that you use on your Android phone. This is in stark contrast to iOS which the YubiKey is effectively worthless with.*
(2) The YubiKey NEO is somewhat open source with its use of freely available Java Card applets hosted on GitHub while the YubiKey 4 is not open source at all. People are varied in their reaction to this change; some have stopped recommending YubiKey altogether while Yubico argues there is a conflict between providing the most secure YubiKey and being open source. There are a lot of finer details relevant to this discussion so I recommend that anyone who is sensitive to the fact that the YubiKey 4 is closed-source read up on the discussions taking place.
The FIDO U2F Security Key is a simpler and cheaper device that only implements the U2F features described below.
This document focuses on the functionality provided by the YubiKey 4 and YubiKey NEO.
All devices have a single, capacitive touch surface on them. On the keychain form-factor it is the circular golden metallic indentation on the top surface of the device. On the Nano form-factor the touch surface is the curved end that protrudes slightly from the USB port. It is important to note that these touch sensors are not biometric in any way. They are used because many of the YubiKey’s features are initiated or confirmed by a touch gesture.
I think the YubiKey’s features are best understood as falling into one of two categories: Multi-factor authentication (MFA) related features, and Smartcard related features.
Multi-Factor Authentication (MFA) features include:
- Yubico OTP
- Universal 2nd Factor (U2F)
- Challenge / Response
Smartcard features include:
- OpenPGP
- PIV/X.509
The YubiKey also supports a feature called Static Password which I won’t go into in this post. See the YubiKey Personalization Tool for more information.
Multi-factor Authentication Features
The majority of the press you’ve seen about the YubiKey probably focuses on features related to multi-factor authentication (MFA), specifically U2F and Yubico OTP. The YubiKey also supports time based one-time passwords (TOTP) and event based one-time passwords (HOTP). In these MFA use-cases the YubiKey can augment or replace the mobile app or SMS messages that may currently be used.
Different MFA algorithms use different pieces of information to generate their codes. I will briefly explain key aspects of each algorithm that the YubiKey supports.
Universal 2nd Factor (U2F)
Universal 2nd Factor (U2F) is a standard started by Google and Yubico as a modern MFA strategy that is easier for the user to use while providing higher security guarantees than other MFA techniques.
The user experience of U2F is similar to Yubico OTP described below but with a key difference: U2F requires browser support to facilitate connecting to and using the YubiKey. Currently Google Chrome is the only mainstream browser to support U2F out of the box. Yubico OTP doesn’t require browser support.
U2F is currently supported by the following services:
- Google (Drive, YouTube, Wallet, Google )
- and a few others
The YubiKey works out of the box as a U2F device. No user configuration or intervention is required.
The specifics of how U2F works, how it is implemented, and how it is stronger than other MFA strategies are beyond the scope of this post but if you’re interested Yubico has a very readable technical introduction to the U2F protocol.
Yubico OTP is an MFA strategy that utilizes a long 44 character string as the one-time password (OTP). An example of a Yubico OTP string is below:
The string changes on each press:
Sites that support Yubico OTP include:
The YubiKey supports Yubico OTP out of the box without requiring any user configuration. Yubico OTP has an advantage over U2F in that it doesn’t require browser support. Yubico OTP’s downsides include it being somewhat YubiKey specific while U2F is a standard and Yubico OTP being theoretically less secure than U2F.
Timer Based OTP (OATH-TOTP)
Timer based one-time passwords (OTP), known technically as TOTP, are produced by an algorithm that computes a numeric 6 or 8 digit code based in part on the current time. Because of this, TOTP values change at a fixed interval (usually every 30 seconds).
On Google, the TOTP input screen looks something like this:
Because time is an input to the TOTP algorithm and the YubiKey doesn’t have an internal clock, TOTP codes can only be generated by the YubiKey with the help of a supporting application. The Yubico Authenticator software is a companion app that uses the computer’s time along with secrets stored on the YubiKey to generate the current TOTP value for a particular site. The application is available on Windows, Mac, Linux and on Android.
YubiKey 4 can store up to 32 TOTP or HOTP credentials while the YubiKey Neo can store up to 28.
Event Based OTP (OATH-HOTP)
Event based one-time passwords (OTP), known technically as HOTP, are very similar to the TOTP algorithm described above: both produce numeric 6 to 8 digit codes. The difference is that instead of using time as an input to the algorithm, HOTP uses an incrementing counter. For this reason, HOTP values change on every request for an HOTP code.
There are two ways to configure a YubiKey to generate HOTP codes. First, you can use the same Yubico Authenticator app described above for TOTP. When adding the credentials, select the HOTP type instead of TOTP.
Alternatively, HOTP codes can be emitted with just a finger press by using the YubiKey Personalization Tool.
In my opinion it is very unlikely you’ll encounter a HOTP protected service.
Challenge / Response
The challenge / response feature of the YubiKey is a variant of both the Yubico OTP and HOTP features described above. I think its usefulness is limited for a general internet user so I will avoid describing it in any detail. I recommend people read the YubiKey user manual for more information.
A YubiKey is not configured to handle challenge / response from the factory. The challenge / response feature is enabled and configured with the YubiKey Personalization Tool and initiated with a touch gesture.
The rest of the main YubiKey features revolve around a technology called a smartcard. A smartcard is a computing platform that traditionally lived in a credit card shaped form-factor and looked something like this:
Smartcards commonly have a processor, memory and their own operating system on the card. Smartcards traditionally interfaced with a computer via an external reader peripheral. There are standardized hardware protocols (CCID) and software interfaces (PC/SC) for programming and interfacing with these smartcards over USB.
Today, many vendors produce smartcards that are a single USB device instead of a smartcard and a separate USB reader. The YubiKey is one such device.
Both of the smartcard features described below, OpenPGP and PIV/X.509, enable workflows for establishing trust and privacy between semi-anonymous internet users. Through two cryptographic primitives, signing and encrypting, the OpenPGP and PIV/X.509 features help guarantee the following online:
- Something sent was actually sent by the stated person and not by an impersonator (*signing*)
- Something sent was actually sent by the stated person and not altered in transit (*signing*)
- Something sent to another will only be readable by the intended recipient and not a third-party (*encrypting*)
The OpenPGP and PIV/X.509 features accomplish this (in part) with the use of secret values (private keys) that should only ever be seen by their owner. The guarantees of these systems are only valid if these private keys remain secret.
OpenPGP is an open standard that specifies algorithms for signing and encrypting data and establishing trust between semi-anonymous internet users. OpenPGP builds trust between internet users in a peer-to-peer fashion. Collectively, with the help of the network of OpenPGP users, a person can trust a larger group of people than they would be able to alone. This OpenPGP trust model contrasts with the X.509 model which is more hierarchical.
OpenPGP is generally used for:
- Encrypting emails so as to be viewable only by the intended recipient
- Signing emails to verify who authored the email
- Signing software downloads to ensure they’ve not been tampered with
Instructions on using the YubiKey as an OpenPGP smartcard are beyond the scope of this article. Generally, you will be using the GnuPG command line tool. I found this blog post particularly helpful when setting up my personal YubiKey for OpenPGP.
Personally, the OpenPGP feature was the main motivation for me to purchase a YubiKey.
The United States federal government standard FIPS 201 specifies “Personal Identity Verification” (PIV) requirements for Federal employees and contractors. The YubiKey supports the FIPS 201 and PIV standards which may be used in government or large enterprise settings. More generally though, the YubiKey’s PIV support allows the device to be used as a store for up to 24 (on the YubiKey 4) X.509 certificates and their associated private keys. This is useful for various X.509 workflows not related specifically to PIV.
As mentioned, OpenPGP and X.509 both provide infrastructure for signing and encrypting digital content. While OpenPGP builds trust peer-to-peer, X.509 builds trust hierarchically. Specifically a user trusts a certificate authority and implicitly trusts any certificate the certificate authority trusts. The X.509 trust model is most commonly used for protecting websites (HTTPS/TLS/SSL).
Some use-cases that the YubiKey PIV/X.509 feature supports:
- Setting up a certificate authority
- Application signing for Apple (iOS, macOS)
- Application signing for Android (jarsigner)
- SSH authentication
- Docker Content Trust
The page for the PIV command line tool, yubico-piv-tool, is probably the best resource for understanding the usage of the PIV/X.509 features.
While the YubiKey can add a lot of value, there are a couple negatives that are worth mentioning.
First, the YubiKey is pretty much worthless for iOS (iPhone and iPad) use-cases. One isn’t able to use U2F or TOTP codes with iOS. It may be possible to use Yubico OTP, HOTP, and static password features with iOS according to Yubico but I think that isn’t a very realistic mobile workflow. Android fares a lot better with the YubiKey NEO and its NFC support. Either way, it is important to think about how securing services with a YubiKey might work if you want/need to access those services on your mobile devices.
Second, by design, a YubiKey’s secrets, once stored on or generated by the YubiKey, cannot be extracted from the device. One will need to have a recovery plan should the YubiKey become lost or inaccessible for any reason. In the case of U2F, it is recommended that you enroll two separate YubiKeys. In the case of TOTP and HOTP, it is recommended that you store a copy of the secret value string somewhere safe and ideally offline. Similar precautions should be made when using the OpenPGP and PIV/X.509 features. The specifics of the recovery plan differ depending on the specific YubiKey feature and the online service it’s being used with.
I hope this introduction to the features of the YubiKey helps give you a mental model to understand and give shape to how a YubiKey can fit into your online security solutions.
This is an edited version of the original article “Understanding the YubiKey: A Distilled Introduction” posted on webb.codes.