Yubico Forum :: View topic - [ANSWERED] Yubikey NEO capabilities

$ opensc-tool --list-algorithms
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00
Algorithm: rsa
Key length: 1024
Flags: onboard key generation padding ( none ) hashes ( )

Algorithm: rsa
Key length: 2048
Flags: onboard key generation padding ( none ) hashes ( )

Algorithm: rsa
Key length: 3072
Flags: onboard key generation padding ( none ) hashes ( )

Algorithm: ec
Key length: 256
Flags: onboard key generation

Algorithm: ec
Key length: 384
Flags: onboard key generation

$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so --list-mechanisms
Using slot 1 with a present token (0x1)
Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000
ECDSA-SHA1, keySize={256,384}, hw, sign, other flags=0x1800000
ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair, other flags=0x1800000
RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify
RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify
SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify
MD5-RSA-PKCS, keySize={1024,3072}, sign, verify
RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, generate_key_pair

Author:	darco [ Mon Dec 01, 2014 9:47 pm ]
Post subject:	[ANSWERED] Yubikey NEO capabilities
Just a bit curious... I did a "list algorithms" on my yubikey neo and got the following output: Code: $ opensc-tool --list-algorithms Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00 Algorithm: rsa Key length: 1024 Flags: onboard key generation padding ( none ) hashes ( ) Algorithm: rsa Key length: 2048 Flags: onboard key generation padding ( none ) hashes ( ) Algorithm: rsa Key length: 3072 Flags: onboard key generation padding ( none ) hashes ( ) Algorithm: ec Key length: 256 Flags: onboard key generation Algorithm: ec Key length: 384 Flags: onboard key generation Does the Yubikey NEO really support 3072-bit RSA keys, and 384-bit EC keys? I don't see that capability exposed in the apps. Likewise, is the following list of supported pkcs11 mechanisms accurate? Code: $ pkcs11-tool --module /usr/lib/opensc-pkcs11.so --list-mechanisms Using slot 1 with a present token (0x1) Supported mechanisms: SHA-1, digest SHA256, digest SHA384, digest SHA512, digest MD5, digest RIPEMD160, digest ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000 ECDSA-SHA1, keySize={256,384}, hw, sign, other flags=0x1800000 ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair, other flags=0x1800000 RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify MD5-RSA-PKCS, keySize={1024,3072}, sign, verify RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, generate_key_pair

Author:	hazza [ Tue Dec 02, 2014 2:59 am ]
Post subject:	Re: [question] Yubikey NEO capabilities
This has been elaborated on by Yubico staff in this thread.

Author:	darco [ Tue Dec 02, 2014 7:27 pm ]
Post subject:	Re: [question] Yubikey NEO capabilities
Thanks!

Yubico Forum https://forum.yubico.com/

[ANSWERED] Yubikey NEO capabilities https://forum.yubico.com/viewtopic.php?f=26&t=1637	Page 1 of 1

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/