Security keys and hardware wallets

·

3 min read

What are security keys?

An external device that can perform a specific function of confirming cryptographic checks securely.

(I'll pat myself on the back for that).

I'm making this as a definition to allow for variability. In the sense that, a security key is most likely a standalone USB device, but it could also be set up on a phone, or on another USB device that performs other functions. But in these variations, a secure environment is primary. Google Pixel and Ledger devices have additional "extra secure" chips.

Let's elaborate.

Security keys

They perform this specific function of receiving data encrypted with public keys, decrypting and confirming that the given data is correct, and then sending back a response encrypted with a private key. This private key is the linchpin here. It is stored on the device.

Now, that might be an inaccurate description of the process (when I finally do understand asymmetric cryptography, I'll write something like this about it), but it is quite an apt analogy.

To become a security key, a device must have the ability to store a private key in a secure, tamper-proof environment (think: chips), and perform the cryptography process I described earlier.

To use, the device would communicate with a "service" that needs authentication. This service could be a standalone app or a website (via a browser). And communication can happen via NFC, Bluetooth, or firmware (?: a USB is plugged into a device). Either way, communication is made with a standardized protocol. This is where FIDO comes in.

FIDO is an alliance of organizations and companies in charge of the protocol security keys communicate with. FIDO U2F was/is the first version of this protocol. FIDO2 or FIDO CTAP is the newer version. Something like that, you can look it up more. I was just interested in how they fit into the whole thing.

Let's do a brief recap

Security key, asymmetric cryptography, secure chips, authentication service, communication protocol, and FIDO.

Security keys are really good at what they do. But with crypto stuff like this, it's a one-way trip. You lose access to this key, you lose access to whatever it secured. It is recommended to set up a backup key.

Hardware wallets

Stroll the crypto airwaves a bit and you'll come across it. I wondered what relationship it had with security keys.

The short answer? Basically the same thing.

Basically? What's the difference?

Hardware wallets seem to be more versatile.

Hardware wallets are referred to as cold storage for your cryptocurrencies and tokens. Crypto is not really stored on the device. It operates with the same principle as the security key by storing the private keys of your blockchain addresses. Essentially, you provide your private key and confirm you should have access to an address.

Versatility comes with the support of the many protocols of the different blockchains. When you want to add some new coin/token storage, you simply "install" it.

The similarity with secure keys?

You can "install" support of the FIDO protocol on your hardware wallet and there you go!


Ah. That summarises the content of what I learned today.

For your reference:

-- Deji Joseph