Yubico Forum https://forum.yubico.com/ |
Yubikey 4 and RSA 4096 https://forum.yubico.com/viewtopic.php?f=16&t=2114 |
Author: | Himartin [ Mon Nov 30, 2015 10:05 pm ] |
Post subject: | Yubikey 4 and RSA 4096 |
Hi, I recently got a Yubikey 4. According to the feature list, this device should support RSA keys up to 4096 bit for GnuPG. However, when I do a gpg2 --card-status I get the following:

Code:
Application ID ...: D2760001240102010006041319390000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: yyyyyyyy
Name of cardholder: xxxxxxxxx
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

In the line Key attributes it only says 2048R, which looks like it only supports 2048-bit keys. Am I misunderstanding the meaning of this value? Or does the device require me to configure something to support longer keys? Does it have to do with the GPG version? (I'm using 2.0.28) Thanks.
Author: | dmonakhov [ Wed Dec 02, 2015 11:00 am ] |
Post subject: | Re: Yubikey 4 and RSA 4096 |
Yep. You're right. It shows that it supports only 2048, but if you manually choose 4096 it will generate it.

Application ID ...: D2760001240102010006041615780000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 0416xxxx
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 5
Signature key ....: B690 00AC 40B3 B578 A768 18AB B6EF FBE8 7982 EFC2
      created ....: 2015-12-02 09:38:37
Encryption key....: 3A09 6ACB B7F3 19BB 6E60 2D00 17F5 FF2E 59DC E7D2
      created ....: 2015-12-02 09:38:37
Authentication key: ABE8 1FFF B778 94BC 4376 8055 D38A AA6E 5FDE 027C
      created ....: 2015-12-02 09:38:37
General key info..: pub 4096R/7982EFC2 2015-12-02 Dmitry Monakhov (hw-gen-key-test) <dmonakhov@openvz.org>
sec> 4096R/7982EFC2 created: 2015-12-02 expires: 2017-12-01
     card-no: 0006 0416xxxx
ssb> 4096R/5FDE027C created: 2015-12-02 expires: 2017-12-01
     card-no: 0006 0416xxxx
ssb> 4096R/59DCE7D2 created: 2015-12-02 expires: 2017-12-01
     card-no: 0006 0416xxxx
Author: | dmonakhov [ Wed Dec 02, 2015 11:22 am ] |
Post subject: | Re: Yubikey 4 and RSA 4096 |
Subkey import (via "keytocard") and subkey generation (via "addcardkey") also work fine. In this example the Sign and Encryption subkeys were imported, and the Auth subkey was generated on the card.

Application ID ...: D2760001240102010006041615780000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04161578
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: B0ED 248E 6922 E471 B7A7 7EBA F666 8E6D 506B 0421
      created ....: 2015-12-02 10:05:57
Encryption key....: 84DA 7E09 7FF0 4AE5 57E4 4019 F042 CC5D 71C3 BCD1
      created ....: 2015-12-02 09:55:29
Authentication key: 5C6B B320 A373 9700 75FA 6C46 D879 48F0 ECE2 B258
      created ....: 2015-12-02 10:11:20
General key info..: pub 4096R/506B0421 2015-12-02 Dmitry Monakhov (hw-key-gen-test-yubikey-4096) <dmonakhov@opnevz.org>
sec 4096R/A6C30BA6 created: 2015-12-02 expires: 2025-11-29
ssb> 4096R/71C3BCD1 created: 2015-12-02 expires: 2025-11-29
     card-no: 0006 04161578
ssb> 4096R/506B0421 created: 2015-12-02 expires: 2016-12-01
     card-no: 0006 04161578
ssb> 4096R/ECE2B258 created: 2015-12-02 expires: 2016-12-01
     card-no: 0006 04161578
Author: | Himartin [ Sun Dec 06, 2015 8:02 pm ] |
Post subject: | Re: Yubikey 4 and RSA 4096 |
Thanks for the information. Indeed it works with longer keys. So the output of gpg was just confusing. |
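
Added example, not part of the original thread and not Yubico or GnuPG code: a small Python parser for the card-status layout quoted above. As the replies report, the Key attributes value of an empty slot is only the current setting, so the check judges key size only for slots that actually hold a key. The sample outputs, fingerprints, function names and the 4096-bit threshold are constructed for illustration.

```python
import re

SLOTS = ("Signature", "Encryption", "Authentication")

# Constructed samples in the `gpg2 --card-status` layout quoted in the thread
# (fingerprints are made up).
EMPTY_CARD = """\
Key attributes ...: 2048R 2048R 2048R
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
"""
MIXED_CARD = """\
Key attributes ...: 4096R 2048R 4096R
Signature key ....: 0000 1111 2222 3333 4444  5555 6666 7777 8888 9999
      created ....: 2015-12-02 09:38:37
Encryption key....: AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333
      created ....: 2015-12-02 09:38:37
Authentication key: [none]
"""

def parse_card_status(text):
    """Map each slot to its attribute string, RSA size and fingerprint."""
    fields = {}
    for line in text.splitlines():
        # Labels are dot/space padded; indented "created ....:" lines do not match.
        m = re.match(r"([A-Za-z][A-Za-z. ]*?)[ .]*:\s*(.*)$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    slots = {}
    for slot, attr in zip(SLOTS, fields.get("Key attributes", "").split()):
        # "2048R" as in the thread; the "rsa2048" spelling of newer GnuPG is also accepted.
        size = re.fullmatch(r"(?:rsa)?(\d+)R?", attr)
        fpr = fields.get(slot + " key", "[none]")
        slots[slot] = {"attr": attr, "bits": int(size.group(1)) if size else None,
                       "fpr": None if fpr == "[none]" else "".join(fpr.split())}
    return slots

def audit(text, min_bits=4096):
    """Empty slots only show the current setting; judge populated slots only."""
    result = {}
    for slot, info in parse_card_status(text).items():
        if info["fpr"] is None:
            result[slot] = "empty"
        elif info["bits"] is not None and info["bits"] >= min_bits:
            result[slot] = "ok"
        else:
            result[slot] = "below-policy"
    return result
```

On a real card, pass the text captured from gpg2 --card-status to audit() instead of the constructed samples.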
All times are UTC + 1 hour |