Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:09 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Jun 20, 2017 3:29 pm 
Offline

Joined: Tue Jun 20, 2017 3:11 pm
Posts: 1
I would like to use YubiKey 4 to sign arbitrary binary blobs.

1) Is it possible to generate (or import) RSA 3072 keys on YubiKey 4? How?

I have tried to use the PIV tool (which currently only supports up to RSA 2048 keys) and pkcs11-tool (which does not list a suitable mechanism, e.g. RSA-PKCS-KEY-PAIR-GEN).

2) Does YubiKey 4 support RSA keys with public exponent other than 65537 (0x10001)?


Last edited by rebane on Wed Jun 21, 2017 10:56 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jun 20, 2017 4:06 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
RSA 3072 can only be done on the OpenPGP applet via gpg2 commands. 3072 is not a supported algorithm in the PIV spec.

No, exponent 3 is not supported. We only accept F4 as an exponent since 3 is considered weak and could lead to some theoretical attacks. This also follows the specifications of the OpenPGP card which supports this behavior.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Google [Bot] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group