Yubico Forum

PostPosted: Thu Jan 23, 2014 1:45 am 
The OpenPGP card applet in the Yubikey NEO only supports 2048 bit RSA keys. Is there any plan to support larger keys and EC keys?

"opensc-tool --list-algorithms" indicates that the Yubikey NEO is capable of:
Code:
Algorithm: rsa
Key length: 1024

Algorithm: rsa
Key length: 2048

Algorithm: rsa
Key length: 3072

Algorithm: ec
Key length: 256

Algorithm: ec
Key length: 384


Is there any plan to accommodate larger key sizes in the hardware, such as 4096 bit RSA?

.



PostPosted: Thu Jan 23, 2014 8:17 am 
Site Admin
No, only 2048.

No plans for more currently.

_________________
-Tom


PostPosted: Thu Jan 23, 2014 10:13 am 
ppc wrote:
The OpenPGP card applet in the Yubikey NEO only supports 2048 bit RSA keys. Is there any plan to support larger keys and EC keys?

"opensc-tool --list-algorithms" indicates that the Yubikey NEO is capable of:

Is there any plan to accommodate larger key sizes in the hardware, such as 4096 bit RSA?

.


Don't trust OpenSC on this - it is apparently wrong. It seems that 2048+ RSA is not supported by the card (I wish it did 3k) and ECC requires more work on GnuPG side, still. Non-NIST curves in GnuPG is another problem point.

If you can withstand the trouble of changing your PGP keys, changes to the applet can be done independently from Yubico.

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


PostPosted: Sun Jan 26, 2014 10:47 pm 
Quote:
Don't trust OpenSC on this - it is apparently wrong. It seems that 2048+ RSA is not supported by the card (I wish it did 3k) and ECC requires more work on GnuPG side, still. Non-NIST curves in GnuPG is another problem point.


The Yubikey NEO is using a NXP SmartMX P5CD081, right? The hardware supports 4k RSA keys and ECC (though you're right about the GnuPG ECC/non-NIST support... no point in chasing that).

Is there any reason I'm not seeing that this couldn't be fixed in the applet?


PostPosted: Wed Jan 29, 2014 9:30 pm 
ppc wrote:
The Yubikey NEO is using a NXP SmartMX P5CD081, right? The hardware supports 4k RSA keys and ECC (though you're right about the GnuPG ECC/non-NIST support... no point in chasing that).
Is there any reason I'm not seeing that this couldn't be fixed in the applet?


The same way my CPU can handle (in theory) 2^64 of memory, yet it practically handles a bunch of gigabytes which in turn is limited by the motherboard support and number of slots.

At least according to "public specs" the JCOP chip can't do more than 2k, maybe there is some proprietary extension in JCOP that allows to do some, but then again, you'd be able to take the "NDA your grandma" approach to get that. You can't initiate a key with a bigger bit size than 2k according to JC.

Have a look at http://www.fi.muni.cz/~xsvenda/jcsupport.html

Support for ECC is a different story.

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


PostPosted: Thu Feb 13, 2014 8:28 pm 
Site Admin
Hello,

Just to clear the confusion, it's based on the a700x chip from nxp (http://www.nxp.com/products/identificat ... AMILY.html) so it's limited to 2048 bit RSA and 320 bit ecc over gf(p).

/klas
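
As an added example (not part of the original thread, and not Yubico or OpenSC code), this Python script parses a listing in the format quoted in the first post and flags the entries that exceed the limits stated in the post above. The function names and the `STATED_LIMITS` table are assumptions made for illustration.

```python
import re

# Constructed sample: the listing quoted in the first post of this thread.
SAMPLE = """\
Algorithm: rsa
Key length: 1024

Algorithm: rsa
Key length: 2048

Algorithm: rsa
Key length: 3072

Algorithm: ec
Key length: 256

Algorithm: ec
Key length: 384
"""

# Limits as stated in the post above (assumption: one ceiling per algorithm family).
STATED_LIMITS = {"rsa": 2048, "ec": 320}

def parse_algorithms(text):
    """Return [(algorithm, key_length)] from 'Algorithm:' / 'Key length:' pairs."""
    entries, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Algorithm:\s*(\S+)", line)
        if m:
            current = m.group(1).lower()
            continue
        m = re.match(r"\s*Key length:\s*(\d+)", line)
        if m and current is not None:
            entries.append((current, int(m.group(1))))
            current = None  # a key length without a preceding algorithm is ignored
    return entries

def cross_check(entries, limits=STATED_LIMITS):
    """Split entries into (consistent, contradicted, unknown) against stated limits."""
    ok, bad, unknown = [], [], []
    for alg, bits in entries:
        if alg not in limits:
            unknown.append((alg, bits))   # no stated limit to compare against
        elif bits <= limits[alg]:
            ok.append((alg, bits))
        else:
            bad.append((alg, bits))       # tool reports more than the stated ceiling
    return ok, bad, unknown

if __name__ == "__main__":
    ok, bad, unknown = cross_check(parse_algorithms(SAMPLE))
    for alg, bits in bad:
        print(f"reported but above stated limit: {alg} {bits}")
```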


PostPosted: Thu Feb 13, 2014 9:37 pm 
Thanks for clearing that up. (I'm sorry for muddying the waters; I was working off of what the NXP TagInfo app reported.)


PostPosted: Wed Jun 18, 2014 8:28 am 
The OpenPGP applet doesn't have ECC support, let alone for 320-bit keys.

The PIV applet depending on which version you have might support ECC, but only 256-bit keys. Not 320-bit keys. When will a PIV applet or similar be available that can use 320-bit ECC keys (PKCS#11/X.509)?

Is it possible to use secp256k1 curve or other 256-bit curves rather than the secp256r1 curve which is rumored to be backdoored by the NSA?

Similarly is it possible to use Koblitz or other curves at key-sizes greater than 256-bits (up to 320-bits) such as K-283, brainpoolP320r1, or brainpoolP320t1? Would the hardware support these and it's just a matter of the software (applets) to implement/use them?

I believe RSA2048, which is equivalent to 112-bit symmetric key, and ECC P-256, which is equivalent to 128-bit symmetric key, may be insufficient for some uses. For example the US Government requires key-lengths of 192 or greater for highly sensitive data. I guess this is not a requirement for most YubiKey users nor a goal of Yubico, but it would be nice to have on-par security especially if the hardware supports it and it's just a software development issue. It could also be a boon to Yubico to sell into government areas, although this will probably need improvements in other areas as well, such as tamper-resistance.


PostPosted: Wed Jun 18, 2014 8:55 am 
Site Admin
Hello,

For the openpgp applet we've held off on ecc support since there is no spec and gnupg 2.1 is still so much in flux. When there is stable software supporting smartcard with ecc there we plan to revisit this.

For PIV only two ecc curves are defined, secp256r1 and secp384r1; of those only secp256r1 can run in the Neo (since it only supports curves up to 320 bit). So implementing other curves here would break with the spec and supporting software.

In experiments we've run a couple of other curves:
brainpoolp256r1
brainpoolp256t1
brainpoolp320r1
gost2001
secp256k1
secp256r1
frp256v1

other curves might work as well, though not tested by us.

/klas


PostPosted: Wed Jun 18, 2014 9:34 am 
Site Admin
and as a follow-up, we've published the test applet for those curves at: https://github.com/Yubico/ykneo-curves

pull requests with more curves are of course welcome.

/klas

