Yubico Forum

All times are UTC + 1 hour
PostPosted: Mon Dec 29, 2014 9:37 pm 
I've played around with the CCID smart card features of the Yubikey NEO and have had success with a couple of email clients on desktop operating systems and with K-9 Mail/OpenKeychain for Android. Everyone at my company uses PGP for email encryption, and I'm considering suggesting that we buy Yubikey NEOs for all of our employees particularly for the smart card features.

However, these smart card features only support 2048-bit keys. This appears to be the case with most existing OpenPGP smart cards except for this one: http://g10code.com/p-card.html which supports 4096-bit keys if you're using gpg2.

Does Yubico have plans to release a Yubikey that supports CCID and 4096-bit keys, like the g10, in the future? While 2048-bit keys are still considered secure, it would be nice to not have to go lower than 4096-bit keys for a variety of reasons.


PostPosted: Tue Dec 30, 2014 2:59 pm 
You'll need someone from Yubico to give a definitive answer. My understanding is that the hardware currently used for the Neo has limits on available RAM and on support for 4096 bit RSA which preclude support for RSA keys of more than 2048 bits in any of the applets.


4096 bit RSA keys have relatively little extra entropy over 2048 bit keys, so offer limited additional protection. The debate as to what is best practice rolls on, with the post I've linked to definitely not being the last word on the subject, though the long term answer is almost certainly moving to elliptic curve cryptography.

Now that GnuPG 2.1 is released, there is a freely available OpenPGP implementation supporting elliptic curve keys, but I'm not sure the extension to the OpenPGP smartcard standards for elliptic curve support is finalised yet. Of course, elliptic curve support doesn't exist in older implementations, including the GnuPG 1.x series preferred by some for the lower number of dependencies. This means elliptic curve keys are of limited use at the moment.


If you have a need for 4096 bit RSA support, the current limitation on the Neo's OpenPGP applet is annoying. I mention this merely to say that, in the medium term, elliptic curve support is arguably more important than support for RSA keys larger than 2048 bits.

Hopefully, in time, there will be a newer version of the Neo hardware that supports common elliptic curves, RSA up to 4096 bit and fast SHA-512 (which I believe was the limitation precluding public release of the Bitcoin applet).


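A policy check of the kind the key-size question in this thread implies, written as an added example (it is not Yubico's code and not from either poster): it parses the "Key attributes" line that gpg 2.1 and later print in `gpg --card-status` from a constructed sample and flags any slot whose RSA modulus is below a configurable minimum or whose curve is not on an allow-list. The 3072-bit threshold, the curve list and the sample card output are assumptions.

```python
import re

# Constructed sample of `gpg --card-status` output (not captured from a real
# card); the serial and fingerprint are placeholder zeros.
SAMPLE_CARD_STATUS = """\
Reader ...........: Yubico Yubikey NEO OTP+CCID 00 00
Application ID ...: D2760001240102000006000000000000
Version ..........: 2.0
Manufacturer .....: Yubico
Key attributes ...: rsa2048 rsa2048 rsa2048
Signature key ....: 0000 0000 0000 0000 0000  0000 0000 0000 0000 0000
      created ....: 2014-12-29 20:37:00
"""

# Hypothetical policy values; adjust to your own key-size policy.
MIN_RSA_BITS = 3072
ALLOWED_CURVES = {"ed25519", "cv25519", "nistp256", "nistp384", "nistp521"}

# gpg lists the three slots in this order on the "Key attributes" line.
SLOTS = ("signature", "encryption", "authentication")


def parse_key_attributes(status_text):
    """Return {slot: algorithm} from the 'Key attributes' line, e.g. 'rsa2048'."""
    m = re.search(r"^Key attributes \.*: (.+)$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no 'Key attributes' line (older gpg does not print it)")
    algos = m.group(1).split()
    if len(algos) != len(SLOTS):
        raise ValueError(f"expected {len(SLOTS)} key slots, got {algos}")
    return dict(zip(SLOTS, algos))


def check_policy(attrs, min_rsa_bits=MIN_RSA_BITS, allowed_curves=ALLOWED_CURVES):
    """Return a list of (slot, finding) pairs; an empty list means every slot passes."""
    findings = []
    for slot, algo in attrs.items():
        rsa = re.fullmatch(r"rsa(\d+)", algo)
        if rsa:
            bits = int(rsa.group(1))
            if bits < min_rsa_bits:
                findings.append((slot, f"RSA-{bits} below policy minimum of {min_rsa_bits}"))
        elif algo not in allowed_curves:
            findings.append((slot, f"unrecognised or disallowed algorithm '{algo}'"))
    return findings


if __name__ == "__main__":
    attrs = parse_key_attributes(SAMPLE_CARD_STATUS)
    findings = check_policy(attrs)
    for slot, finding in findings:
        print(f"{slot:>14}: {attrs[slot]:<10} {finding}")
    if not findings:
        print("all key slots meet policy")
```

Feed it the real output of `gpg --card-status` for each card you want to inventory; a card whose gpg is too old to print the line raises instead of silently passing.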