I. Authentication Phase (YubiKey to Client) & Initial Key Material Exchange

- Client → YubiKey: INITIALIZE UPDATE
  The client application sends an INITIALIZE UPDATE command to the YubiKey, providing a client nonce (host challenge).
  Purpose: Initiates the secure channel process and provides the client’s initial random data for key derivation.
- YubiKey → Client: INITIALIZE UPDATE Response
  The YubiKey responds with:
  - Its ephemeral public key (e.g., One-Time Ephemeral Card Encryption Key - OCECKEC).
  - Other key derivation data (e.g., key information, YubiKey’s nonce/card challenge).
  - A Card Authenticator (a cryptogram generated by the YubiKey).
  Purpose: YubiKey provides its ephemeral key material and a cryptographic proof of its identity.
- Client-Side Authentication & Shared Secret Computation:
  - The client generates its own ephemeral key pair (public and private keys).
  - The client uses its newly generated ephemeral private key and the YubiKey’s ephemeral public key to compute a shared secret (via ECDH).
  - Using this shared secret (or keys derived from it), the client verifies the YubiKey’s Card Authenticator.
  - If successful, the YubiKey is now authenticated to the client.

II. Key Exchange Completion Phase

- Client-Side Preparation & Transmission to YubiKey:
  - The client computes a "Host Cryptogram" (or receipt).
  - Client → YubiKey: EXTERNAL AUTHENTICATE command, containing:
    - The client’s ephemeral public key.
    - The Host Cryptogram/Receipt.
    Purpose: Client provides its ephemeral key material and confirms correct processing to the YubiKey.
- YubiKey-Side Shared Secret Computation & Verification:
  - The YubiKey uses its ephemeral private key and the client’s ephemeral public key to compute the shared secret.
  - The YubiKey verifies the Host Cryptogram/Receipt.

III. Secure Channel Established

- Session Key Derivation & Channel Activation:
  - Both client and YubiKey derive session keys (S-ENC, S-MAC, S-RMAC) from the shared secret.
  - The secure channel is now active for protected communication.
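The key-derivation and Host Cryptogram steps of phases II and III, sketched as an added example (not code from the original page or from Yubico). Assumptions: the KDF is ANSI X9.63 with SHA-256, HMAC-SHA256 stands in for the card's MAC algorithm, random bytes stand in for the ECDH output and the public keys, and all function names are hypothetical.

```python
import hashlib, hmac, os

def x963_kdf(z: bytes, shared_info: bytes, length: int) -> bytes:
    """ANSI X9.63 KDF with SHA-256: blocks of SHA256(Z || counter || SharedInfo)."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(z + counter.to_bytes(4, "big") + shared_info).digest()
        counter += 1
    return out[:length]

def session_keys(z: bytes, host_nonce: bytes, card_nonce: bytes) -> dict:
    """Split one KDF output into separate S-ENC, S-MAC and S-RMAC keys."""
    km = x963_kdf(z, host_nonce + card_nonce, 48)
    return {"S-ENC": km[:16], "S-MAC": km[16:32], "S-RMAC": km[32:48]}

def host_cryptogram(keys: dict, transcript: bytes) -> bytes:
    """Client side: MAC over the handshake transcript (assumed construction)."""
    return hmac.new(keys["S-MAC"], b"host" + transcript, hashlib.sha256).digest()[:16]

def card_verifies(z, host_nonce, card_nonce, card_pub, client_pub, cryptogram) -> bool:
    """YubiKey side: derive the same keys, recompute, compare in constant time."""
    keys = session_keys(z, host_nonce, card_nonce)
    transcript = host_nonce + card_nonce + card_pub + client_pub
    return hmac.compare_digest(host_cryptogram(keys, transcript), cryptogram)

def demo() -> dict:
    # Constructed values: random bytes stand in for the ECDH shared secret,
    # the two nonces and the two ephemeral public keys.
    z = os.urandom(32)
    hn, cn = os.urandom(8), os.urandom(8)
    card_pub, client_pub = os.urandom(65), os.urandom(65)
    keys = session_keys(z, hn, cn)
    crypt = host_cryptogram(keys, hn + cn + card_pub + client_pub)
    other_pub = os.urandom(65)  # card's transcript holds a different client key
    return {
        "keys": keys,
        "honest": card_verifies(z, hn, cn, card_pub, client_pub, crypt),
        "transcript_mismatch": card_verifies(z, hn, cn, card_pub, other_pub, crypt),
        "secret_mismatch": card_verifies(os.urandom(32), hn, cn, card_pub, client_pub, crypt),
    }

if __name__ == "__main__":
    print({k: v for k, v in demo().items() if k != "keys"})
```

The cryptogram verifies only when both sides hold the same shared secret and the same view of the nonces and public keys; either mismatch makes the check fail before the channel is activated.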