TL;DR
No, FIDO2 hardware tokens are not directly designed for key agreement protocols like Diffie-Hellman. They excel at strong authentication but don’t perform the mathematical exchange needed to establish a shared secret.
Understanding the Difference
It’s important to understand what FIDO2 does and doesn’t do. FIDO2 (Fast Identity Online 2) is a set of open standards that enable passwordless authentication using hardware security keys, platform authenticators (like your phone’s fingerprint sensor), or mobile authenticators. It focuses on proving *who you are* to a service.
Key agreement protocols like Diffie-Hellman focus on two parties independently establishing a shared secret key over an insecure channel. This key can then be used for encryption and decryption.
Why FIDO2 Doesn’t Do Key Agreement
- Authentication, Not Exchange: FIDO2 is built around cryptographic signatures to verify your identity. It doesn’t involve the mathematical calculations required for Diffie-Hellman or similar protocols.
- Relying Party Role: The ‘relying party’ (the website or service) initiates and controls the authentication process. The FIDO2 token responds, proving ownership of a private key but doesn’t participate in generating a shared secret with the client directly.
- Public Key Infrastructure: FIDO2 relies on public/private key pairs stored securely within the authenticator. The public key is registered with the relying party. Authentication confirms you possess the corresponding private key. This isn’t the same as two parties creating a shared secret together.
What FIDO2 *Does* Enable
FIDO2 provides strong security for:
- Passwordless Login: Eliminating passwords by using your hardware key to authenticate.
- WebAuthn and CTAP: These are the core protocols that FIDO2 uses. WebAuthn is the API that browsers expose to websites, and CTAP is the protocol a client device uses to talk to the security key.
- Secure Key Storage: Hardware security keys protect your private key from being stolen or misused.
How to Achieve Key Agreement
If you need key agreement (e.g., for secure messaging), you’ll need a separate protocol and library designed for that purpose. Common options include:
- Diffie-Hellman: The classic algorithm. On its own it does not authenticate either party, so it requires careful implementation (the exchange has to be authenticated) to avoid man-in-the-middle attacks.
- Elliptic Curve Diffie-Hellman (ECDH): More efficient than standard Diffie-Hellman.
- Noise Protocol Framework: A modern framework for building secure communication protocols, often used with key agreement.
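Example using OpenSSL to generate Diffie-Hellman parameters:
openssl dhparam -out dhparams.pem 2048
This generates only the shared group parameters. Each party still has to generate its own key pair from them and combine it with the other party's public key to complete the key exchange.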
Can FIDO2 Be *Part* of a Key Agreement System?
Yes, indirectly. You could use FIDO2 to authenticate the parties involved in a key agreement protocol. This ensures you’re communicating with the correct person before initiating the key exchange. However, FIDO2 itself isn’t performing the key agreement.
For example:
- User authenticates to a server using their FIDO2 key.
- Server verifies the authentication.
- Server and user then perform a separate Diffie-Hellman exchange (or use another key agreement protocol).
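The flow above, sketched with the OpenSSL command line as an added example (not part of the original article). It uses X25519 ECDH rather than classic Diffie-Hellman parameters, and it assumes a software ECDSA key (`id.key`) as a stand-in for an identity that was proven separately, for instance through a FIDO2 login; the file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): ECDH over X25519 with a signed
# ephemeral key. Assumptions: the alice/bob/other file names, and id.key, a
# software ECDSA key standing in for an identity that was proven separately
# (for instance through a FIDO2 login). A real FIDO2 private key never
# leaves the authenticator.

# keypair NAME: fresh X25519 pair written to NAME.key and NAME.pub
keypair() {
    openssl genpkey -algorithm X25519 -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# derive KEY PEERPUB OUT: raw shared secret from own private + peer public
derive() {
    openssl pkeyutl -derive -inkey "$1" -peerkey "$2" -out "$3"
}

# authenticated_exchange DIR: returns 0 only if Alice's signed public key
# verifies and both sides derive the identical secret.
authenticated_exchange() (
    cd "$1" &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out id.key 2>/dev/null &&
    openssl pkey -in id.key -pubout -out id.pub &&
    keypair alice && keypair bob &&
    # Alice signs her ephemeral public key with the identity key.
    openssl dgst -sha256 -sign id.key -out alice.sig alice.pub &&
    # Bob checks the signature before using the key.
    openssl dgst -sha256 -verify id.pub -signature alice.sig alice.pub \
        >/dev/null &&
    derive alice.key bob.pub alice.secret &&
    derive bob.key alice.pub bob.secret &&
    cmp -s alice.secret bob.secret
)

# substituted_key_rejected DIR: a different public key presented with
# Alice's signature must fail verification (run after authenticated_exchange).
substituted_key_rejected() (
    cd "$1" && keypair other &&
    ! openssl dgst -sha256 -verify id.pub -signature alice.sig other.pub \
        >/dev/null 2>&1
)

# Stand-alone run in a throwaway directory.
work=$(mktemp -d) && authenticated_exchange "$work" && substituted_key_rejected "$work" && echo "secret agreed; substituted key rejected"
rm -rf "$work"
```

Only Alice's key is signed here; in a real deployment the other side's key needs its own authentication as well, and the raw shared secret should be passed through a key derivation function before use.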
In Summary
FIDO2 is excellent for strong authentication, but it’s not a substitute for dedicated key agreement protocols. Use the right tool for the job – FIDO2 for proving identity and Diffie-Hellman (or similar) for establishing shared secrets.

