Great project! I like the idea to have an open-source U2F token.
Question: Are the secret keys stored in the nRF52's cryptocell?
If I understand correctly, there are two types of secret key:
- the attestation key. In general, it might be shared between a class of authenticator devices, and certified by the device maker; in this case it could not be a cryptocell key, since I suppose keys generated by the cryptocell cannot leave it.
- the assertion keys, which are certified by the attestation key. These are generated by the authenticator, one for each relying party. So it makes sense for these to be generated by the cryptocell.
Grateful for comments (or corrections if I have misunderstood).