
> A frequent question here is if non-resident keys are less secure than resident ones. Credential IDs as key wrapped keys are secure since they are encrypted with aes128 and hmaced.

This is incorrect. The strategy for how handles represent a public/private keypair is security-key specific. For example, YubiKeys shipped before firmware 4.4 used a different algorithm, and Solo keys use a third.

Platforms may also ignore requests for non-resident credentials, and return a handle reference to a resident one instead.


