/ Documentation / Keyslots / FIDO2 keyslots

FIDO2 keyslots

YubiKey, Google Titan, Nitrokey, Windows Hello - hardware-backed unlock.

FIDO2 keyslots use the CTAP2 hmac-secret extension to derive a deterministic per-credential secret from your hardware authenticator. That secret derives the wrap-KEK that unlocks the vault.

Supported devices

LUKSbox treats every CTAP2 + hmac-secret authenticator the same way at the protocol level. We split the device list into what we have actually exercised end-to-end in our lab and what should work by spec but we have not yet personally tested.

Tested in our lab

Device USB ID cred_id length Notes
YubiKey 4 / 5 / Bio 1050:* 64 B Classic key-handle format. Primary regression target.
Yubico Security Key Series ("Security Key NFC", "Security Key C NFC") 1050:* 64 B Same Infineon silicon and same FIDO2 + hmac-secret firmware path as YubiKey 5, the YubiKey-side regression target covers this product line at the protocol level. Cheapest first-party Yubico device for LUKSbox use.
Google Titan Security Key v2 18d1:9470 288 B Larger cred_id; supported via slot layout V3.
SoloKey 2 / Solo 2 0483:* 64-140 B Stateless mode produces larger cred IDs.
Nitrokey 3 (USB-C / NFC) 20a0:42b2 158 B Open-firmware (Trussed framework, Rust). Larger cred_id stored via slot layout V4; verified cross-platform (enroll and unlock on Linux, macOS, and Windows).
Windows Hello platform authenticator windows://hello n/a Win11 22H2+; PIN, fingerprint, or face.

These are exercised end-to-end (enroll -> unlock -> revoke -> re-enroll) on the example binaries under crates/luksbox-fido2/examples/ on every release that touches the FIDO2 path.

Planned / expected to work but not yet exercised

Device Expected status Notes
USB Armory Mk II + custom FIDO2 firmware Research / DIY only; on the test plan Not a turnkey FIDO2 token (general-purpose i.MX6UL processor running custom firmware). Tested for completeness as part of the device-survey effort, not as a recommended daily-driver device, see the side-channel note in the Choosing a hardware key section.
Trezor Safe 3 / Safe 5 Spec-compliant; not yet in our matrix CTAP2 + hmac-secret per Trezor's documentation. Wallet-vendor; FIDO2 is a secondary feature.
Token2 PIN+ Spec-compliant; not yet in our matrix Niche Swiss vendor; less public scrutiny.
OnlyKey Spec-compliant; not yet in our matrix Pinpad on the device; open firmware.

Anything CTAP2-compliant with the hmac-secret extension should work even if it's not in either table, those are the only protocol features LUKSbox actually requires. If your device produces cred IDs above 352 bytes, file an issue and we'll bump the cap (no production device we know of exceeds 300 B). If you successfully use a device that's not in either table, please tell us so we can move it to the "Tested" row in the next release.

Two FIDO2 modes, and the backup-passphrase nuance

LUKSbox exposes two SlotKind values for FIDO2 enrollments:

Mode What the FIDO2 slot stores What the MVK is
Fido2HmacSecret (default; the "wrap" radio in the GUI) cred_id, hmac_salt, wrapped MVK ciphertext + AEAD tag A fresh random 32 bytes wrapped under a KEK derived from the device's hmac-secret response
Fido2DerivedMvk (the "FIDO2-direct" radio) cred_id, hmac_salt only, no wrapped MVK ciphertext The HKDF expansion of the device's hmac-secret response. The MVK doesn't exist on disk anywhere

The interesting question is what a backup keyslot does to each mode. Both modes can have other keyslots added to the same vault; those slots wrap the same MVK under their own KEKs. Once any passphrase slot exists, the offline-disk-stolen attack surface is identical between the two modes:

Configuration Wrapped MVK on disk? Recover from device loss? Offline brute-force surface
Fido2HmacSecret, no backup Yes (under FIDO2-derived KEK only) No Wrap KEK is FIDO2-derived; brute-force needs to break CTAP2 hmac-secret
Fido2HmacSecret + passphrase backup (added later via the keyslot manager / enroll) Yes (one slot per kind) Yes (use backup) The passphrase slot becomes the weakest link; Argon2id slows it
Fido2DerivedMvk, no backup No (this is the defining property) No Nothing to brute-force, there is no ciphertext for this slot
Fido2DerivedMvk + passphrase backup (filled in the create form, auto-enrolled after create_with_fido2_derived_mvk) Yes (a passphrase slot is added wrapping the same MVK under the passphrase KEK) Yes (use backup) Same as wrap + backup, the passphrase slot is the weakest link

So the design rule is:

Choosing a hardware key

LUKSbox treats every CTAP2 + hmac-secret authenticator the same way at the protocol level. The choice between vendors is a function of price, maturity, public audit history, NFC support, and whether the vendor's silicon is known to have a published side-channel attack against an obsolete firmware. The table below is a snapshot from 2026; prices are EUR approximations from the vendors' official EU stores and do not include shipping or VAT where applicable. Always check the vendor's current page for the authoritative number.

Vendor / model Price (EUR, approx, no NFC unless noted) NFC Secure element Public attack history Firmware openness Recommended for
Yubico Security Key Series (FW >= 5.7.0; "Security Key NFC" USB-A or "Security Key C NFC" USB-C) around €29-€35 Yes Infineon SLE78 (same family as YubiKey 5; EUCLEAK-mitigated firmware) EUCLEAK (2024) on FW < 5.7.0; mitigated in 5.7+ Closed firmware Cheapest first-party Yubico device that does what LUKSbox needs. FIDO U2F + FIDO2/WebAuthn (incl. hmac-secret) only, no PIV, OpenPGP, OATH, or YubiOTP. If you'd be paying for the YubiKey 5's extra protocols and not using them, this is the right SKU. NFC standard on both form factors.
YubiKey 5 Series (FW >= 5.7.0) around €55-€105 (NFC variants around €60-€105) Yes (5C NFC, 5 NFC, 5 Bio NFC) Infineon SLE78 (EUCLEAK-mitigated firmware) EUCLEAK (2024) on FW < 5.7.0; mitigated in 5.7+ Closed firmware, Common Criteria EAL 6+ on some models Pick over the Security Key Series only if you also need PIV / OpenPGP / OATH / YubiOTP for other tools. For LUKSbox alone the Security Key Series is the same FIDO2 stack at half the price.
YubiKey 5 / Security Key Series (FW < 5.7.0, sold 2017-May 2024) n/a, replace n/a Infineon SLE78 vulnerable to EUCLEAK EUCLEAK extract requires minutes of EM measurement n/a Replace per Yubico YSA-2024-03. Both product lines share the same affected silicon. Firmware is one-time-programmable; no field flash.
Google Titan v2/v3 (USB-C, sold 2021+) around €35 (USB-C model with NFC around €39) Yes on most variants NXP P60/P70 family (different silicon from v1) No published attack on current silicon; vendor disclosed nothing on v2/v3 vs Side Journey to Titan Closed firmware Best price-to-maturity ratio for FIDO2-focused use. Google vendor stability; Feitian-manufactured; cheapest mainstream device that meets our needs.
Google Titan v1 (USB-A, sold 2018-2021) n/a, replace n/a NXP A700X NinjaLab Side Journey to Titan (2021) clones device per-account in 10h of physical access + €10k lab n/a Replace with v2/v3. Side-channel attack is published methodology.
Nitrokey 3 (USB-C, NFC variant) around €32 (USB-A NFC around €60) Yes on Nitrokey 3 NFC Microchip / NXP secure element (model-dependent) No published FIDO2-specific extract attack Open firmware (Trussed framework, Rust) Users who want open firmware they can audit. German vendor, smaller user base than Yubico.
SoloKey Solo 2 (USB-C / Lightning, no NFC) around €31 No on Solo 2 NXP LPC55S69 (TrustZone-M; no dedicated SE) No FIDO2-specific extract on Solo 2 firmware; NCC Group 2020 found LPC55 secure-boot bypass, mitigated in revised silicon Open firmware + open hardware spec Developers, research, and people who want a hackable token. Smaller vendor; fewer audit dollars; price reflects that.
Trezor Safe 3 around €80 No (USB only) Infineon OPTIGA Trust M11 Wallet-domain audits; FIDO2 added recently, less FIDO2-specific scrutiny Firmware open; hardware spec partial Bitcoin / crypto-wallet users who also want one device for FIDO2.
Trezor Safe 5 around €169 No (USB only) Tropic Square TROPIC01 (open SE design) No published attack; chip is new (2024) Firmware open; SE design open via Tropic Square Same as Safe 3, plus users who care that the SE design is itself open.
Token2 PIN+ around €40 Varies Infineon Less public scrutiny; smaller deployed base Closed Budget; less audit transparency; small Swiss vendor.
OnlyKey around €60 No Silicon Labs EFM32 (general-purpose MCU) Less public scrutiny; pinpad on device is the differentiator Open firmware Users who want a pinpad on the device itself (PIN entered on the key, not on the host).
USB Armory Mk II + custom FIDO2 firmware hardware around €150 + significant integration work No NXP i.MX6UL (general-purpose application processor; no dedicated SE) Mk I HABv4 bypass (2017, unfixable on i.MX53). Fixed in Mk II using i.MX6UL silicon revision 1.2+. Same i.MX class boot issues affected multiple NXP application processors. No dedicated FIDO2 audit. Full open platform Research / DIY only. Not a turnkey FIDO2 token: you'd run a custom firmware (e.g. SoloKeys-on-Armory, U2F-Zero port). General-purpose application processor, no dedicated SE, meaningfully weaker against the hardware-side-channel attack class than purpose-built tokens. Original 2017 advisory: Security_Advisory-Ref_QBVR2017-0001.txt.

What we'd pick (and why)

General principles

Vendor security-advisory feeds (subscribe to these)

Hardware-key vendors publish CVE-style advisories on their own schedules. Subscribe / bookmark the right page per device you own; the headline 2024-2026 items per vendor are summarised below.

Vendor Where advisories live Recent 2024-2026 highlights affecting FIDO2 use
Yubico yubico.com/support/security-advisories YSA-2024-03 (EUCLEAK, Infineon ECDSA private-key recovery on FW < 5.7.0), covered above; YSA-2024-02 (FIDO Relying Party enumeration); YSA-2025-02 (FIDO PIN/UV Auth Protocol Two out of conformance); YSA-2026-01 (DLL search path issue in libfido2 / python-fido2 / YubiKey Manager). The DLL advisory is Windows-toolchain-specific and does NOT affect LUKSbox on Windows because LUKSbox uses webauthn.dll directly on Windows, not libfido2; the libfido2 path is Linux/macOS only.
Nitrokey nitrokey.com/blog (no separate advisory page; security-relevant posts live in the blog) Nitrokey 3 firmware v1.8.1 security update (Feb 2025), PIV-smartcard issue, recommended immediate update. Does not affect FIDO2 directly. v1.8.2 (Sep 2025) added passkeys + Bitcoin curve. Subscribe to the blog feed for ongoing visibility; Nitrokey's release cadence is the practical advisory channel.
SoloKeys (Solo 2) github.com/solokeys/solo2/security/advisories No published advisories for the Solo 2 firmware as of writing. The repo has a security policy in place; private disclosure goes through GitHub Security Advisories. SoloKey is a smaller project, fewer disclosure channels, fewer audit dollars; treat the absence of advisories as "smaller deployed base + less public scrutiny," not "verified clean."
Google Titan Google does not publish a dedicated Titan-specific advisory feed. The de-facto channels are the Google Security Blog for major incidents and the Google Help Center for product status. The 2021 NinjaLab "A Side Journey to Titan" attack on the original USB-A Titan was disclosed through NinjaLab, not via a Google advisory; Google did not issue a recall. v2/v3 (Feitian-manufactured, USB-C, 2021+) ship with different silicon and have no public attack disclosure as of writing. Search the Google Security Blog if you suspect a new disclosure; assume "no news" is the current vendor stance on Titan v2/v3.
Trezor trezor.io/support/firmware and blog.trezor.io Trezor's advisories are dominated by wallet-domain issues (PSBT, transaction signing, recovery seed handling). FIDO2 is a secondary feature; less FIDO2-specific disclosure history than Yubico or Google.
Token2 / OnlyKey Vendor-specific pages; smaller signal volume Niche vendors with smaller deployed bases. The same "fewer disclosure channels, fewer audit dollars" caveat as SoloKey applies.

Operational note for LUKSbox users: the LUKSbox project does not re-publish vendor advisories, we don't have visibility into silicon supply chains. We do track the upstream libfido2 library for advisories that affect our Linux/macOS FFI link path, and we update the bundled version on the next release after any relevant upstream fix lands. Windows builds talk to webauthn.dll directly and do not link libfido2, so libfido2-specific advisories (YSA-2026-01 above) only affect the Linux/macOS surface.

Enroll a hardware key

For an existing vault:

luksbox enroll my-vault.lbx --fido2
# Touch the device when prompted (TWICE: once for makeCredential,
# once for getAssertion).

For a fresh FIDO2-only vault:

luksbox create my-vault.lbx --kind fido2
# Same two-touch enrollment + you'll be asked for a backup passphrase.

Multi-device setup

Best practice for any vault you care about:

# Day-1 setup with primary YubiKey
luksbox create my-vault.lbx --kind fido2 --fido2-device /dev/hidraw3

# Add a backup YubiKey kept in a safe deposit box
luksbox enroll my-vault.lbx --fido2 --fido2-device /dev/hidraw4

# Add an emergency passphrase as the third slot
luksbox enroll my-vault.lbx --passphrase

Use luksbox list-fido2-devices to see the path strings to use with --fido2-device. This matters when more than one authenticator is plugged in (otherwise libfido2 picks the first one it sees, which might not be the one you meant).

Windows Hello

luksbox create my-vault.lbx --kind fido2 --fido2-device windows://hello

Routes through webauthn.dll. The OS prompts for your PIN / fingerprint / face. Behaves identically to a hardware key from LUKSbox's perspective - same hmac-secret derivation, same wrap.

Unlocking

luksbox open my-vault.lbx -m /tmp/v --fido2
# Touch your key once.

If your vault has multiple FIDO2 slots and multiple devices are plugged in, LUKSbox tries each slot in turn until one device returns a matching cred_id. Devices that don't have the credential return FIDO_ERR_NO_CREDENTIALS immediately (no touch needed); the matching device prompts for a touch.

What happens cryptographically

For the full enroll + unlock ceremony with sequence diagrams, see docs/CRYPTO_SPEC.md Section 19 in the source repository. Short version:

enroll:  (cred_id, hmac_secret) <- device (2 touches)
         KEK = Argon2id("lbx:fido" || passphrase || hmac_secret, salt)
         wrapped_ct, tag = AEAD_seal(KEK, MVK)
         store: cred_id, hmac_salt, wrapped_ct, tag

unlock:  hmac_secret <- device (1 touch, with cred_id + hmac_salt)
         KEK = Argon2id(...)  # same inputs as enroll
         MVK = AEAD_open(KEK, wrapped_ct, tag)

The hmac_secret is deterministic - same (cred_id, salt) always returns the same 32 bytes from the same device. That's what makes the unlock reproducible without storing the secret anywhere.

Hardware-side risks (what LUKSbox can't fix)

Public security research has demonstrated physical-possession side-channel attacks that extract the secret material from specific FIDO2 silicon. These are the two most impactful published attacks:

Practical takeaway:

Situation What to do
You own a YubiKey 5 with firmware < 5.7.0 Replace it (firmware is one-time-programmable; field flash isn't possible). Yubico's YSA-2024-03 lists serial-number ranges.
You own an original USB-A Google Titan Replace with a current-generation Titan or any post-2024 YubiKey 5.
You have a Nitrokey, SoloKey, Token2, OnlyKey, Trezor Different silicon = different vulnerability profiles. Check that vendor's security advisories.
You lose a hardware key Treat as compromise: revoke its slot + luksbox rotate-mvk, on the assumption a sufficiently-resourced finder could extract the secret over weeks.
You're protecting very-high-value secrets Enroll two different vendors' devices into the same vault. Different silicon = different vulnerability profiles. Add a hybrid-PQ keyslot so a cloned FIDO2 device alone doesn't unlock anything.

LUKSbox's threat model explicitly delegates secure-element security to the device vendor (see Threat model and CRYPTO_SPEC.md Section 19.5). There is no host-side defence against an attacker who can extract the per-credential master from a physical device. What we DO offer:

Bottom line: a current-generation hardware key is meaningfully better than no hardware key, and meaningfully better than a 2018-vintage one. For the full per-paper writeup + per-vendor status matrix, see docs/HARDWARE_SIDE_CHANNEL_NOTES.md in the source repository.