Re: [Q?] YubiKey 4, RSA3072 with public exponent 3 for signi

2017-06-20T16:06:22+01:00

RSA 3072 can only be done on the OpenPGP applet via gpg2 commands. 3072 is not a supported algorithm in the PIV spec.

No, exponent 3 is not supported. We only accept F4 as an exponent since 3 is considered weak and could lead to some theoretical attacks. This also follows the specifications of the OpenPGP card which supports this behavior.

Statistics: Posted by ChrisHalos — Tue Jun 20, 2017 4:06 pm

[S!] YubiKey 4, RSA3072 with public exponent 3 for signing

2017-06-21T10:56:36+01:00

I would like to use YubiKey 4 to sign arbitrary binary blobs.

1) Is it possible to generate (or import) RSA 3072 keys on YubiKey 4? How?

I have tried to use the PIV tool (which currently only supports up to RSA 2048 keys) and pkcs11-tool (which does not list a suitable mechanism, e.g. RSA-PKCS-KEY-PAIR-GEN).

2) Does YubiKey 4 support RSA keys with public exponent other than 65537 (0x10001)?

Statistics: Posted by rebane — Tue Jun 20, 2017 3:29 pm

Yubico Forum

Re: [Q?] YubiKey 4, RSA3072 with public exponent 3 for signi

[S!] YubiKey 4, RSA3072 with public exponent 3 for signing