Is it reasonable to suspect that manufacturers of hardware authentication keys (such as Yubikey) store copies of the device private keys? With an obvious security risks that it implies?