| Yubico Forum https://forum.yubico.com/ |
|
| Larger key size in Yubikey NEO (OpenPGP Card) https://forum.yubico.com/viewtopic.php?f=26&t=1303 |
Page 2 of 2 |
| Author: | air [ Wed Jun 18, 2014 12:20 pm ] |
| Post subject: | Re: Larger key size in Yubikey NEO (OpenPGP Card) |
Thanks Klas, I wasn't aware of the ykneo-curves applet. I will check it out. Does it store the private key or is it only used at run-time? Are there any other PKCS#11 applets besides the PIV applet? I ask because my only reason for using PIV is to gain PKCS#11 support, but the PIV applet appears to be proprietary, since we are not able to perform upgrades of it. I want to be able to use 320-bit ECC, even if it doesn't conform to the PIV standard, such as by using the brainpoolp320r1 curve. |
|
| Author: | Klas [ Wed Jun 18, 2014 1:10 pm ] |
| Post subject: | Re: Larger key size in Yubikey NEO (OpenPGP Card) |
Hard to be aware of it, it's been internal until this morning. It should only be viewed as a demonstrator/test for different ECC curves, nothing to be used as is. With that said though, it stores the keys it generates, one key per curve. The OpenPGP applet might be possible to use for PKCS#11 through OpenSC, though I haven't tried it and it might require some work. Apart from that, the only thing Yubico has for PKCS#11 is the PIV applet, which as you noted is proprietary and only available as is on shipped NEOs. The problem with adding other curves to the PIV applet is that no supporting software would work with those curves; everything would have to be modified to know about them. Windows wouldn't recognize the algorithm used, OpenSC wouldn't recognize it without patches, etc. /klas |
|
| Author: | air [ Wed Jun 18, 2014 2:51 pm ] |
| Post subject: | Re: Larger key size in Yubikey NEO (OpenPGP Card) |
For OpenPGP I see there is a proposed standard for ECC, RFC 6637, but it is only a proposed standard at this stage. GPG 2.1, which is still in beta after ~3 years, has ECC, but you need to go into expert mode. GPG has support for the curves based on OIDs, so Brainpool curves, etc., can be used (all parties would need support, of course). Ah, that makes sense. I saw it was only a couple of hours (at the time), but saw that it had earlier commits; these must have been from when it was private. I will investigate OpenPGP and OpenSC further. Perhaps with help from GPG's ECC code and the ykneo-curves code it will be possible to add ECC support to the OpenPGP applet. Thanks for the help, Klas. |
|
| Author: | hazza [ Sun Nov 09, 2014 3:12 pm ] |
| Post subject: | Re: Larger key size in Yubikey NEO (OpenPGP Card) |
Just a heads-up that GnuPG 2.1.0 has now been released as the 'modern' branch. |
|
| All times are UTC + 1 hour |
|