Initial requirements
We only need a key-value store on the device, mapping each service to its key, without any additional requirements.
example.org => [Key for example.org]
acme.com => [Key for acme.com]
Multiple keys per service
We want to allow devices to store multiple keys per service. For example, a user might have more than one Gmail account. To solve this, we associate each key with a key handle instead of with a service. During registration, the device sends a key handle, which the service keeps. When authenticating, the service sends the key handle back to the device.
KeyHandle[0x21AE9B] => [Key 1 for example.org]
KeyHandle[0xFBD308] => [Key 2 for example.org]
KeyHandle[0x18C77B] => [Key 1 for acme.com]
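The registration and authentication flow described above, as an added example that is not part of the original article or Yubico's firmware. It models a device that indexes keys by an opaque key handle rather than by service, and a service that keeps one handle per account. The device also checks that a presented handle was registered for the requesting service (the application parameter), which is what stops one service from using another service's handle. To stay standard-library only, a random 32-byte secret and an HMAC-SHA256 tag stand in for the per-key ECDSA private key and signature that real U2F uses; the `Device`, `Service` and `demo` names, the 8-byte handles and the account names are all constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed, simplified model of the key-handle scheme: one secret per handle,
# each bound to the service (application parameter) it was registered for.
# HMAC-SHA256 stands in for the ECDSA signature used by real U2F devices.


def app_param(app_id: str) -> bytes:
    """SHA-256 of the application id; this is the 'application parameter' a service presents."""
    return hashlib.sha256(app_id.encode()).digest()


class Device:
    """Stores keys by handle, not by service, so one service can own several keys."""

    def __init__(self) -> None:
        self._keys: dict[bytes, tuple[bytes, bytes]] = {}  # handle -> (app_param, secret)

    def register(self, app_id: str) -> tuple[bytes, bytes]:
        handle = os.urandom(8)    # opaque identifier the service will store and send back
        secret = os.urandom(32)   # stand-in for a fresh per-registration private key
        self._keys[handle] = (app_param(app_id), secret)
        # The service receives a verifier (here the shared secret; in real U2F the public key).
        return handle, secret

    def authenticate(self, app_id: str, handle: bytes, challenge: bytes) -> bytes:
        entry = self._keys.get(handle)
        if entry is None:
            raise KeyError("unknown key handle")
        bound_app, secret = entry
        if bound_app != app_param(app_id):
            # A handle registered for example.org must not work when acme.com presents it.
            raise ValueError("key handle was not registered for this service")
        return hmac.new(secret, bound_app + challenge, hashlib.sha256).digest()


class Service:
    """Keeps the key handles (and verifiers) registered for each of its accounts."""

    def __init__(self, app_id: str) -> None:
        self.app_id = app_id
        self.accounts: dict[str, list[tuple[bytes, bytes]]] = {}

    def register(self, username: str, device: Device) -> bytes:
        handle, verifier = device.register(self.app_id)
        self.accounts.setdefault(username, []).append((handle, verifier))
        return handle

    def authenticate(self, username: str, device: Device) -> bool:
        challenge = os.urandom(32)
        for handle, verifier in self.accounts.get(username, []):
            try:
                tag = device.authenticate(self.app_id, handle, challenge)
            except (KeyError, ValueError):
                continue  # this handle is not on the device; try the next one
            expected = hmac.new(verifier, app_param(self.app_id) + challenge, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expected):
                return True
        return False


def demo() -> dict[str, bool]:
    """Two accounts at example.org and one at acme.com on a single device."""
    device = Device()
    example = Service("https://example.org")
    acme = Service("https://acme.com")
    h1 = example.register("alice-work", device)      # Key 1 for example.org
    h2 = example.register("alice-personal", device)  # Key 2 for example.org
    h3 = acme.register("alice", device)              # Key 1 for acme.com
    results = {
        "handles_distinct": len({h1, h2, h3}) == 3,
        "example_work_ok": example.authenticate("alice-work", device),
        "example_personal_ok": example.authenticate("alice-personal", device),
        "acme_ok": acme.authenticate("alice", device),
        "unknown_user_rejected": not acme.authenticate("nobody", device),
    }
    try:  # acme.com presenting example.org's handle is refused by the device
        device.authenticate(acme.app_id, h1, os.urandom(32))
        results["cross_service_rejected"] = False
    except ValueError:
        results["cross_service_rejected"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The service tries each handle it holds for the account, and the device answers only for handles it recognises and only for the service they were registered with; everything else is a lookup miss rather than a key it could be coaxed into using.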
Limited storage on device
The above implementation would work for a U2F device with plenty of (tamper-resistant) storage. Unfortunately, that storage would make devices more expensive. However, since U2F does not specify how keys must be stored, we are free to come up with another solution — so we did:
Key generation scheme used by Yubico U2F devices