Yubico Forum https://forum.yubico.com/

[S!] YubiKey 4, RSA3072 with public exponent 3 for signing https://forum.yubico.com/viewtopic.php?f=35&t=2654

Author: rebane [ Tue Jun 20, 2017 3:29 pm ]
Post subject: [S!] YubiKey 4, RSA3072 with public exponent 3 for signing

I would like to use YubiKey 4 to sign arbitrary binary blobs.

1) Is it possible to generate (or import) RSA 3072 keys on YubiKey 4? How? I have tried to use the PIV tool (which currently only supports up to RSA 2048 keys) and pkcs11-tool (which does not list a suitable mechanism, e.g. RSA-PKCS-KEY-PAIR-GEN).
2) Does YubiKey 4 support RSA keys with public exponent other than 65537 (0x10001)?

Author: ChrisHalos [ Tue Jun 20, 2017 4:06 pm ]
Post subject: Re: [Q?] YubiKey 4, RSA3072 with public exponent 3 for signi

RSA 3072 can only be done on the OpenPGP applet via gpg2 commands. 3072 is not a supported algorithm in the PIV spec. No, exponent 3 is not supported. We only accept F4 as an exponent since 3 is considered weak and could lead to some theoretical attacks. This also follows the specifications of the OpenPGP card which supports this behavior.
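
The constraints in the reply above can be checked before a key import is attempted. This is an added example, not part of either post and not Yubico code: it parses a PKCS#1 RSAPublicKey in DER and reports why the key would be refused. The function names are hypothetical, the limits are only those stated in this thread, and the sample key is a constructed number, not a real RSA modulus.

```python
# Added example: pre-import check of a PKCS#1 RSAPublicKey (DER), stdlib only.
F4 = 65537
# Size ceilings as stated in this thread; None = no ceiling stated (assumption).
MAX_BITS = {"piv": 2048, "openpgp": None}

def _read_tlv(buf, pos, tag):
    """Read one DER element with the given tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = length octets
        k = length & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Return (modulus, exponent) from SEQUENCE { INTEGER n, INTEGER e }."""
    seq, end = _read_tlv(der, 0, 0x30)
    n_raw, pos = _read_tlv(seq, 0, 0x02)
    e_raw, pos = _read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing data")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def import_problems(der, applet):
    """List the reasons the key would be refused, per the reply above."""
    n, e = parse_rsa_public_key(der)
    problems = []
    if e != F4:
        problems.append(f"public exponent {e} is not F4 (65537)")
    limit = MAX_BITS[applet]
    if limit is not None and n.bit_length() > limit:
        problems.append(f"{n.bit_length()}-bit modulus exceeds {applet} limit {limit}")
    return problems

def _tlv(tag, body):
    k = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
    return bytes([tag]) + head + body

def make_sample(bits, e):
    """Constructed test input: an odd `bits`-bit number, NOT a real RSA modulus."""
    ints = [(1 << (bits - 1)) | 1, e]
    return _tlv(0x30, b"".join(_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints))

if __name__ == "__main__":
    for bits, e, applet in [(3072, 3, "piv"), (3072, F4, "openpgp")]:
        print(bits, e, applet, import_problems(make_sample(bits, e), applet) or "ok")
```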

All times are UTC + 1 hour