<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-gb">
<link rel="self" type="application/atom+xml" href="https://forum.yubico.com/feed.php?f=35&amp;t=2333" />

<title>Yubico Forum</title>
<subtitle>...visit our web-store at</subtitle>
<link href="https://forum.yubico.com/index.php" />
<updated>2016-06-21T14:30:47+01:00</updated>

<author><name><![CDATA[Yubico Forum]]></name></author>
<id>https://forum.yubico.com/feed.php?f=35&amp;t=2333</id>
<entry>
<author><name><![CDATA[jcross]]></name></author>
<updated>2016-06-21T14:30:47+01:00</updated>
<published>2016-06-21T14:30:47+01:00</published>
<id>https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8739#p8739</id>
<link href="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8739#p8739"/>
<title type="html"><![CDATA[Re: ECC key length?]]></title>

<content type="html" xml:base="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8739#p8739"><![CDATA[
<div class="quotetitle"><b>Quote:</b></div><div class="quotecontent"><br />YubiKey 4 only supports RSA keys<br /></div><br /><br />Thanks. That is unfortunate!<p>Statistics: Posted by <a href="https://forum.yubico.com/memberlist.php?mode=viewprofile&amp;u=3978">jcross</a> — Tue Jun 21, 2016 2:30 pm</p><hr />
]]></content>
</entry>
<entry>
<author><name><![CDATA[larryv]]></name></author>
<updated>2016-06-14T22:02:40+01:00</updated>
<published>2016-06-14T22:02:40+01:00</published>
<id>https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8721#p8721</id>
<link href="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8721#p8721"/>
<title type="html"><![CDATA[Re: ECC key length?]]></title>

<content type="html" xml:base="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8721#p8721"><![CDATA[
Both PIV and OpenPGP use the NIST curves.<br /><ul><li> Section 3.1 of <a href="http://dx.doi.org/10.6028/NIST.SP.800-78-4" class="postlink">NIST Special Publication 800-78-4</a> requires that ECC keys for <a href="http://dx.doi.org/10.6028/NIST.FIPS.201-2" class="postlink">PIV (FIPS 201)</a> be generated from the P-256 or P-384 curves. Thus, the blog post’s claim of 521-bit ECC keys was probably in error, since a smart card using a P-521 key would not be compliant.</li><li> Section 12.1 of <a href="https://datatracker.ietf.org/doc/rfc6637/?include_text=1" class="postlink">RFC 6637</a>, the proposed ECC extension to OpenPGP, prescribes P-256, P-384, and P-521. Unfortunately, <a href="https://www.yubico.com/wp-content/uploads/2016/02/Yubico_YubiKey4YubiKey4Nano_ProductSheet_Feb2016.pdf" class="postlink">YubiKey 4 only supports RSA keys</a>.</li></ul><p>Statistics: Posted by <a href="https://forum.yubico.com/memberlist.php?mode=viewprofile&amp;u=4363">larryv</a> — Tue Jun 14, 2016 10:02 pm</p><hr />
]]></content>
</entry>
<entry>
<author><name><![CDATA[jcross]]></name></author>
<updated>2016-06-11T18:09:41+01:00</updated>
<published>2016-06-11T18:09:41+01:00</published>
<id>https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8703#p8703</id>
<link href="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8703#p8703"/>
<title type="html"><![CDATA[Re: ECC key length?]]></title>

<content type="html" xml:base="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8703#p8703"><![CDATA[
Thanks for pointing that out.<br /><br />Is this just for PIV or also OpenPGP keys that use ECC?<p>Statistics: Posted by <a href="https://forum.yubico.com/memberlist.php?mode=viewprofile&amp;u=3978">jcross</a> — Sat Jun 11, 2016 6:09 pm</p><hr />
]]></content>
</entry>
<entry>
<author><name><![CDATA[larryv]]></name></author>
<updated>2016-06-11T17:42:33+01:00</updated>
<published>2016-06-11T17:42:33+01:00</published>
<id>https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8702#p8702</id>
<link href="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8702#p8702"/>
<title type="html"><![CDATA[Re: ECC key length?]]></title>

<content type="html" xml:base="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8702#p8702"><![CDATA[
I can’t speak to which figure is correct, but “521” is probably not a typo. The <a href="http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf" class="postlink">NIST-recommended</a> elliptic curve for 256-bit equivalent security is called P-521 and is based on a 521-bit prime.<p>Statistics: Posted by <a href="https://forum.yubico.com/memberlist.php?mode=viewprofile&amp;u=4363">larryv</a> — Sat Jun 11, 2016 5:42 pm</p><hr />
]]></content>
</entry>
<entry>
<author><name><![CDATA[jcross]]></name></author>
<updated>2016-06-06T15:06:08+01:00</updated>
<published>2016-06-06T15:06:08+01:00</published>
<id>https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8685#p8685</id>
<link href="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8685#p8685"/>
<title type="html"><![CDATA[ECC key length?]]></title>

<content type="html" xml:base="https://forum.yubico.com/viewtopic.php?t=2333&amp;p=8685#p8685"><![CDATA[
Hello,<br />On <a href="https://www.yubico.com/2016/05/secure-hardware-vs-open-source/" class="postlink">this page</a>, Yubico indicates that the YubiKey 4 support up to 521 bit ECC:<br /><div class="quotetitle"><b>Quote:</b></div><div class="quotecontent"><br />&quot;The YubiKey 4 is a single-chip design without a Java Card/Global Platform environment, featuring RSA with key lengths up to 4096 bits and ECC up to <strong>521</strong> bits.&quot;<br /></div><br /><br />But <a href="https://www.yubico.com/products/yubikey-hardware/" class="postlink">on this page</a> it says 384.<br /><br />I am thinking that they both might be wrong as 512 seems much more likely.<br /><br />Which is it?<br /><br />Thanks.<p>Statistics: Posted by <a href="https://forum.yubico.com/memberlist.php?mode=viewprofile&amp;u=3978">jcross</a> — Mon Jun 06, 2016 3:06 pm</p><hr />
]]></content>
</entry>
</feed>