u2f demo

1. You need u2f-server and u2f-host:
2.  
3. https://github.com/Yubico/libu2f-server
4. https://github.com/Yubico/libu2f-host
5.  
6.  
7. Create a registration challenge:
8.  
9. $ u2f-server -o http://example.com -i http://example.com -a register -d
10. { "challenge": "FwmtzYR737BaWzt0_P4sLOd-e9ooo-VyKJwrPMB2pn4", "version": "U2F_V2", "appId": "http:\/\/example.com" }
11.  
12.  
13. Now start up the host driver:
14.  
15. $ u2f-host -o http://example.com -a register
16.  
17. Paste in the challenge, and hit ctrl-D. u2f-host issues the challenge to the U2F device. In the case of my Yubikey, the light starts blinking.
18.  
19. Touch the device. u2f-host emits the registration response:
20.  
21. { "registrationData": "BQT70kXnjg3tvhKMsV2qnBHig-I0O2c8CEfMoBxHqjxJffviJWQZyJOaWZZ65M2hM1E1o5V6_nhWsm52TrWx0UeqQCVvs-aQzKr-gcTGMNjv5DXk9gpIWP2jCL6F7lk5a6m_X4e6l6tHgJxotppzKJxw13DGo-Pkn-3WJl9XehoIigkwggJEMIIBLqADAgECAgRVYr6gMAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTQzMjUzNDY4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEszH3c9gUS5mVy-RYVRfhdYOqR2I2lcvoWsSCyAGfLJuUZ64EWw5m8TGy6jJDyR_aYC4xjz_F2NKnq65yvRQwmjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS41MBMGCysGAQQBguUcAgEBBAQDAgUgMAsGCSqGSIb3DQEBCwOCAQEArBbZs262s6m3bXWUs09Z9Pc-28n96yk162tFHKv0HSXT5xYU10cmBMpypXjjI-23YARoXwXn0bm-BdtulED6xc_JMqbK-uhSmXcu2wJ4ICA81BQdPutvaizpnjlXgDJjq6uNbsSAp98IStLLp7fW13yUw-vAsWb5YFfK9f46Yx6iakM3YqNvvs9M9EUJYl_VrxBJqnyLx2iaZlnpr13o8NcsKIJRdMUOBqt_ageQg3ttsyq_3LyoNcu7CQ7x8NmeCGm_6eVnZMQjDmwFdymwEN4OxfnM5MkcKCYhjqgIGruWkVHsFnJa8qjZXneVvKoiepuUQyDEJ2GcqvhU2YKY1zBFAiAqby09lS0zKBBIpeafpDAxnbOxBr3Drm3FzwKdRDJbBAIhAKZghC9k0a2BGT7R7cfbnRYQLOZmp5UvOCYuhBInqiud", "clientData": "eyAiY2hhbGxlbmdlIjogIkZ3bXR6WVI3MzdCYVd6dDBfUDRzTE9kLWU5b29vLVZ5S0p3clBNQjJwbjQiLCAib3JpZ2luIjogImh0dHA6XC9cL2V4YW1wbGUuY29tIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIgfQ" }
22.  
23.  
24.  
25. Now paste this back into the waiting u2f-server, and hit ctrl-D. It will process the response and if successful, will use "openssl x509 -text" to dump the attestation certificate in the response:
26.  
27. Certificate:
28. Data:
29. Version: 3 (0x2)
30. Serial Number: 1432534688 (0x5562bea0)
31. Signature Algorithm: sha256WithRSAEncryption
32. Issuer: CN=Yubico U2F Root CA Serial 457200631
33. Validity
34. Not Before: Aug 1 00:00:00 2014 GMT
35. Not After : Sep 4 00:00:00 2050 GMT
36. Subject: CN=Yubico U2F EE Serial 1432534688
37. Subject Public Key Info:
38. Public Key Algorithm: id-ecPublicKey
39. Public-Key: (256 bit)
40. pub:
41. 04:4b:33:1f:77:3d:81:44:b9:99:5c:be:45:85:51:
42. 7e:17:58:3a:a4:76:23:69:5c:be:85:ac:48:2c:80:
43. 19:f2:c9:b9:46:7a:e0:45:b0:e6:6f:13:1b:2e:a3:
44. 24:3c:91:fd:a6:02:e3:18:f3:fc:5d:8d:2a:7a:ba:
45. e7:2b:d1:43:09
46. ASN1 OID: prime256v1
47. NIST CURVE: P-256
48. X509v3 extensions:
49. 1.3.6.1.4.1.41482.2:
50. 1.3.6.1.4.1.41482.1.5
51. 1.3.6.1.4.1.45724.2.1.1:
52. ...
53. Signature Algorithm: sha256WithRSAEncryption
54. ac:16:d9:b3:6e:b6:b3:a9:b7:6d:75:94:b3:4f:59:f4:f7:3e:
55. db:c9:fd:eb:29:35:eb:6b:45:1c:ab:f4:1d:25:d3:e7:16:14:
56. d7:47:26:04:ca:72:a5:78:e3:23:ed:b7:60:04:68:5f:05:e7:
57. d1:b9:be:05:db:6e:94:40:fa:c5:cf:c9:32:a6:ca:fa:e8:52:
58. 99:77:2e:db:02:78:20:20:3c:d4:14:1d:3e:eb:6f:6a:2c:e9:
59. 9e:39:57:80:32:63:ab:ab:8d:6e:c4:80:a7:df:08:4a:d2:cb:
60. a7:b7:d6:d7:7c:94:c3:eb:c0:b1:66:f9:60:57:ca:f5:fe:3a:
61. 63:1e:a2:6a:43:37:62:a3:6f:be:cf:4c:f4:45:09:62:5f:d5:
62. af:10:49:aa:7c:8b:c7:68:9a:66:59:e9:af:5d:e8:f0:d7:2c:
63. 28:82:51:74:c5:0e:06:ab:7f:6a:07:90:83:7b:6d:b3:2a:bf:
64. dc:bc:a8:35:cb:bb:09:0e:f1:f0:d9:9e:08:69:bf:e9:e5:67:
65. 64:c4:23:0e:6c:05:77:29:b0:10:de:0e:c5:f9:cc:e4:c9:1c:
66. 28:26:21:8e:a8:08:1a:bb:96:91:51:ec:16:72:5a:f2:a8:d9:
67. 5e:77:95:bc:aa:22:7a:9b:94:43:20:c4:27:61:9c:aa:f8:54:
68. d9:82:98:d7