Tags: java, fido-u2f, yubico

How To Get Public and Private Key of U2F Token (eg. Yubikey Neo) in Java


I am trying to create an application in Java that can retrieve the public and private key from a U2F token such as the Yubikey Neo. I tried using a simple Scanner in the console to get anything from the Yubikey Neo, but it would not work, as nothing was printed (probably because of the format), unlike OTP, which is printed out in Notepad so it can be captured by a reader.

I know that Yubico offers only a JavaScript implementation that is able to retrieve the public key when the user touches the button of the U2F token, but so far I haven't found any Java library that is able to do that. Is there some way I could get the public and private key from a U2F token?


Solution

Short answer: You can't extract private keys.

U2F is based on public-key cryptography (aka asymmetric cryptography). Private keys never leave U2F tokens and are only used inside the tokens (by the internal CPU, usually a built-in smart card) to sign random server challenges.

See the simplified U2F authentication diagram here

By using public-key cryptography, FIDO U2F is much more secure than OTP / TOTP.

More info on FIDO U2F:

http://www.slideshare.net/CloudIDSummit/cis-2015b-fido-u2-f-in-10-minutes-cis-2015
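As an added illustration of the answer above (example code, not from the question, the answer or Yubico), here is what a Java relying party actually does with a U2F token: it verifies an ECDSA signature over the authentication data using only the public key returned at registration. A locally generated key pair stands in for the token, since a real token never exposes its private key; the appId and client data are constructed placeholders.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class U2fSignatureDemo {
    // Bytes the token signs during authentication (FIDO U2F raw message format):
    // appParam(32) || userPresence(1) || counter(4, big-endian) || challengeParam(32)
    static byte[] signedData(byte[] appParam, byte userPresence, int counter, byte[] challengeParam) {
        return ByteBuffer.allocate(32 + 1 + 4 + 32)
                .put(appParam).put(userPresence).putInt(counter).put(challengeParam).array();
    }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Relying-party check: the public key stored at registration is all that is needed.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the token: a real token keeps this P-256 key pair in its
        // secure element and only ever returns the public half (during registration).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair token = kpg.generateKeyPair();

        byte[] appParam = sha256("https://example.com");                 // constructed appId
        byte[] challengeParam = sha256("{\"challenge\":\"constructed-1\"}"); // constructed client data
        byte[] data = signedData(appParam, (byte) 1, 42, challengeParam);

        // Inside the token: sign with the private key that never leaves the device.
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(token.getPrivate());
        s.update(data);
        byte[] sig = s.sign();

        System.out.println("fresh challenge verifies: " + verify(token.getPublic(), data, sig));
        // The same signature presented for a different challenge must fail: the server's
        // random challenge is what binds the response to this login attempt.
        byte[] other = signedData(appParam, (byte) 1, 42, sha256("{\"challenge\":\"constructed-2\"}"));
        System.out.println("other challenge verifies: " + verify(token.getPublic(), other, sig));
    }
}
```

A real relying party additionally checks that the user-presence byte is set and that the counter is strictly greater than the last value seen for that key handle, which is how cloned tokens are detected.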