Yubico Forum
https://forum.yubico.com/

Larger key size in Yubikey NEO (OpenPGP Card)
https://forum.yubico.com/viewtopic.php?f=26&t=1303
Page 1 of 2

Author:  ppc [ Thu Jan 23, 2014 1:45 am ]
Post subject:  Larger key size in Yubikey NEO (OpenPGP Card)

The OpenPGP card applet in the Yubikey NEO only supports 2048 bit RSA keys. Is there any plan to support larger keys and EC keys?

"opensc-tool --list-algorithms" indicates that the Yubikey NEO is capable of:
Code:
Algorithm: rsa
Key length: 1024

Algorithm: rsa
Key length: 2048

Algorithm: rsa
Key length: 3072

Algorithm: ec
Key length: 256

Algorithm: ec
Key length: 384


Is there any plan to accommodate larger key sizes in the hardware, such as 4096 bit RSA?


Author:  Tom [ Thu Jan 23, 2014 8:17 am ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

No, only 2048.

No plans for more currently.

Author:  martinpaljak [ Thu Jan 23, 2014 10:13 am ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

ppc wrote:
The OpenPGP card applet in the Yubikey NEO only supports 2048 bit RSA keys. Is there any plan to support larger keys and EC keys?

"opensc-tool --list-algorithms" indicates that the Yubikey NEO is capable of:

Is there any plan to accommodate larger key sizes in the hardware, such as 4096 bit RSA?



Don't trust OpenSC on this - it is apparently wrong. It seems that 2048+ RSA is not supported by the card (I wish it did 3k) and ECC requires more work on GnuPG side, still. Non-NIST curves in GnuPG is another problem point.

If you can withstand the trouble of changing your PGP keys, changes to the applet can be done independently from Yubico.

Author:  ppc [ Sun Jan 26, 2014 10:47 pm ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

Quote:
Don't trust OpenSC on this - it is apparently wrong. It seems that 2048+ RSA is not supported by the card (I wish it did 3k) and ECC requires more work on GnuPG side, still. Non-NIST curves in GnuPG is another problem point.


The Yubikey NEO is using a NXP SmartMX P5CD081, right? The hardware supports 4k RSA keys and ECC (though you're right about the GnuPG ECC/non-NIST support... no point in chasing that).

Is there any reason I'm not seeing that this couldn't be fixed in the applet?

Author:  martinpaljak [ Wed Jan 29, 2014 9:30 pm ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

ppc wrote:
The Yubikey NEO is using a NXP SmartMX P5CD081, right? The hardware supports 4k RSA keys and ECC (though you're right about the GnuPG ECC/non-NIST support... no point in chasing that).
Is there any reason I'm not seeing that this couldn't be fixed in the applet?


The same way my CPU can handle (in theory) 2^64 of memory, yet it practically handles a bunch of gigabytes, which in turn is limited by the motherboard support and number of slots.

At least according to "public specs" the JCOP chip can't do more than 2k; maybe there is some proprietary extension in JCOP that allows doing some, but then again, you'd be able to take the "NDA your grandma" approach to get that. You can't initiate a key with a bigger bit size than 2k according to JC.

Have a look at http://www.fi.muni.cz/~xsvenda/jcsupport.html

Support for ECC is a different story.

Author:  Klas [ Thu Feb 13, 2014 8:28 pm ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

Hello,

Just to clear the confusion, it's based on the a700x chip from nxp (http://www.nxp.com/products/identificat ... AMILY.html) so it's limited to 2048 bit RSA and 320 bit ecc over gf(p).

/klas

Author:  ppc [ Thu Feb 13, 2014 9:37 pm ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

Thanks for clearing that up. (I'm sorry for muddying the waters; I was working off of what the NXP TagInfo app reported.)

Author:  air [ Wed Jun 18, 2014 8:28 am ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

The OpenPGP applet doesn't have ECC support, let alone for 320-bit keys.

The PIV applet depending on which version you have might support ECC, but only 256-bit keys. Not 320-bit keys. When will a PIV applet or similar be available that can use 320-bit ECC keys (PKCS#11/X.509)?

Is it possible to use secp256k1 curve or other 256-bit curves rather than the secp256r1 curve which is rumored to be backdoored by the NSA?

Similarly, is it possible to use Koblitz or other curves at key sizes greater than 256 bits (up to 320 bits), such as K-283, brainpoolP320r1, or brainpoolP320t1? Would the hardware support these, and is it just a matter of the software (applets) implementing/using them?

I believe RSA2048, which is equivalent to a 112-bit symmetric key, and ECC P-256, which is equivalent to a 128-bit symmetric key, may be insufficient for some uses. For example, the US Government requires key lengths of 192 or greater for highly sensitive data. I guess this is not a requirement for most YubiKey users nor a goal of Yubico, but it would be nice to have on-par security, especially if the hardware supports it and it's just a software development issue. It could also be a boon to Yubico to sell into government areas, although this will probably need improvements in other areas as well, such as tamper-resistance.

Author:  Klas [ Wed Jun 18, 2014 8:55 am ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

Hello,

For the openpgp applet we've held off on ecc support since there is no spec and gnupg 2.1 is still so much in flux. When there is stable software supporting smartcards with ecc, we plan to revisit this.

For PIV only two ecc curves are defined, secp256r1 and secp384r1; of those only secp256r1 can run in the Neo (since it only supports curves up to 320 bit). So implementing other curves here would break with the spec and supporting software.

In experiments we've run a couple of other curves:
brainpoolp256r1
brainpoolp256t1
brainpoolp320r1
gost2001
secp256k1
secp256r1
frp256v1

Other curves might work as well, though not tested by us.

/klas
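An added check, not from the thread or from Yubico, that parses the `opensc-tool --list-algorithms` output quoted at the top of the thread, flags the entries that exceed the A700x ceilings Klas states (2048-bit RSA, 320-bit ECC), and maps what remains to the symmetric-equivalent strengths air refers to. The `NEO_LIMITS` values are taken from Klas's post and the strength table from NIST SP 800-57 Part 1; both are assumptions for this illustration, and the sample output is constructed to mirror the one ppc posted.

```python
import re

# Constructed sample mirroring the "opensc-tool --list-algorithms" output quoted at the top of the thread.
SAMPLE_OUTPUT = "\n\n".join(
    f"Algorithm: {a}\nKey length: {k}"
    for a, k in [("rsa", 1024), ("rsa", 2048), ("rsa", 3072), ("ec", 256), ("ec", 384)]
) + "\n"

# Hardware ceilings Klas states for the NEO's A700x: 2048-bit RSA, 320-bit ECC over GF(p) (assumed here).
NEO_LIMITS = {"rsa": 2048, "ec": 320}

def parse_algorithms(text):
    """Turn the Algorithm / Key length pairs into a list of (name, bits)."""
    algos, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Algorithm:\s*(\S+)", line)
        if m:
            current = m.group(1).lower()
            continue
        m = re.match(r"\s*Key length:\s*(\d+)", line)
        if m and current is not None:
            algos.append((current, int(m.group(1))))
            current = None
    return algos

def unsupported_claims(algos, limits=NEO_LIMITS):
    """Entries the middleware advertises that exceed the stated hardware ceiling."""
    return [(n, b) for n, b in algos if n in limits and b > limits[n]]

def security_strength(name, bits):
    """Approximate symmetric-equivalent strength per NIST SP 800-57 Part 1."""
    if name == "ec":
        return bits // 2  # P-256 -> 128, P-384 -> 192
    for rsa_bits, strength in ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)):
        if bits >= rsa_bits:
            return strength
    return None  # below any tabulated RSA size

def strongest_usable(algos, limits=NEO_LIMITS):
    """Best symmetric-equivalent strength among entries the hardware can really run."""
    runnable = [(n, b) for n, b in algos if n in limits and b <= limits[n]]
    return max((security_strength(n, b) for n, b in runnable), default=None)
```

On the sample, the two flagged entries are exactly the 3072-bit RSA and 384-bit EC lines martinpaljak warned not to trust, and the strongest thing the card can actually run tops out at 128-bit equivalent via P-256.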

Author:  Klas [ Wed Jun 18, 2014 9:34 am ]
Post subject:  Re: Larger key size in Yubikey NEO (OpenPGP Card)

And as a follow-up, we've published the test applet for those curves at: https://github.com/Yubico/ykneo-curves

Pull requests with more curves are of course welcome.

/klas
