Yubikey 4

· debian security email gnupg
This blog post is more than two years old. It is preserved here in the hope that it is useful to someone, but please be aware that links may be broken and that opinions expressed here may not reflect my current views. If this is a technical article, it may no longer reflect current best practice.

Today my new Yubikey arrived, a Yubikey 4. There’s a whole load of features packed into the YubiKey, but the only feature I really use is the OpenPGP applet which emulates an OpenPGP smartcard.

This is the only device that is trusted to see my private GnuPG keys at the points where I use them. It helps to keep track of where my keys are, as they can only be in a single place.

Previously I was using a YubiKey NEO which only supported up to 2048-bit RSA keys for GnuPG while the new YubiKey 4 supports up to 4096-bit keys. I’ll be rotating my subkeys at some point in the next week or two but will be keeping the same master key so you won’t need to verify my identity again if you already trust my existing key.

As the YubiKey is sent via the post, there is a risk of its replacement in transit. It wouldn’t be great if my YubiKey was compromised. There’s a ton of Bad Things you can do via USB and then if I give it my private keys too, there’s a lot that can go wrong.

The packaging used for shipping YubiKeys is quite subtle and I don’t imagine anyone would spot it easily:

The envelope the YubiKey 4 was shipped in

The envelope the YubiKey 4 was shipped in

I wrote to Yubico, the manufacturer, to ask what tests I could perform to determine if it had been tampered with, and they replied:

The YubiKeys come packaged with a tamper evident seal which an attacker would have to work around or fabricate a whole new package.

This isn’t great. I mean, you can just make stickers. For the average person this might be OK though and it’s better to have it than not as long as you understand the limited help it provides. It can confirm that tampering has occured, but not that tampering has not occured.

The firmware is stored on a read-only ROM so an attacker would have to fabricate an entirely new YubiKey to make any changes to how it operates.

This is handy. Assuming that you can verify somehow that this is the YubiKey they sent, you can also know that it’s not possible to tamper with the firmware.

The factory programmed Yubico OTP will always start with “cc” and will validate at our demo site. If it does not validate or does not start with “cc” this is potential evidence of tampering and someone else may have the private key for your OTP.

Ok, here’s the first cryptographic proof. These keys are loaded or generated or something in the factory and you can use this to have the key authenticate against Yubico’s servers to confirm that the key is a key that can at least prove it has the key it should have according to the serial number.

They print onto the YubiKey’s packaging a URL, but it doesn’t mention how to verify your key, only how to set it up.

YubiKey 4 in its packaging

YubiKey 4 in its packaging

The U2F attestation certificate presented by the YubiKey is signed by our offline root CA and can be verified for authenticity. More details here.

This is also a cool way to verify the YubiKey. To intercept your YubiKey in transit then, an attacker would need to:

  • Actually do the physical intercepting
  • Replace the YubiKey itself as you can’t modify the ROM
  • Get a valid private key for the OTP to work with Yubico’s servers
  • Get a valid private key signed by Yubico for the attestation certificate
  • Put on a new security seal

So I’m pretty confident that my YubiKey is OK. Of course, you should consider your own threat models when deciding if your YubiKey is safe to use.

If you would like to contact me with comments, please send me an email.
If you would like to support my free software work, you can support me on Patreon or donate via PayPal.

This post was syndicated on: