Just a bit curious... I did a "list algorithms" on my YubiKey NEO and got the following output:
Code:
$ opensc-tool --list-algorithms
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00
Algorithm: rsa
Key length: 1024
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: rsa
Key length: 2048
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: rsa
Key length: 3072
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: ec
Key length: 256
Flags: onboard key generation
Algorithm: ec
Key length: 384
Flags: onboard key generation
Does the Yubikey NEO really support 3072-bit RSA keys, and 384-bit EC keys? I don't see that capability exposed in the apps.
Likewise, is the following list of supported PKCS#11 mechanisms accurate?
Code:
$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so --list-mechanisms
Using slot 1 with a present token (0x1)
Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000
ECDSA-SHA1, keySize={256,384}, hw, sign, other flags=0x1800000
ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair, other flags=0x1800000
RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify
RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify
SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify
MD5-RSA-PKCS, keySize={1024,3072}, sign, verify
RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, generate_key_pair
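One thing worth knowing when reading the second listing: pkcs11-tool prints `keySize={a,b}` from the minimum and maximum key size the module reports for that mechanism (the `ulMinKeySize`/`ulMaxKeySize` fields of `CK_MECHANISM_INFO`), so `{1024,3072}` is a range, not a list of exactly two sizes, and both listings show what the OpenSC driver advertises rather than what a given applet will actually accept. The script below is an added example (not from the poster, OpenSC or Yubico): it parses both listings into records, reports the advertised RSA and EC size ranges, and checks the mechanism list against a small policy (legacy digests, and an RSA minimum below a threshold). The embedded text is a copy of the output quoted in the post; the 2048-bit threshold and the legacy-digest list are assumptions of the example, not anything the tools enforce.

```python
# Added example, not from the original post: parse opensc-tool / pkcs11-tool
# listings and check the advertised mechanisms against a simple policy.
from __future__ import annotations
import re
from typing import NamedTuple

# Constructed sample: copy of the opensc-tool --list-algorithms output in the post.
ALGORITHMS_TEXT = """\
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00
Algorithm: rsa
Key length: 1024
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: rsa
Key length: 2048
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: rsa
Key length: 3072
Flags: onboard key generation padding ( none ) hashes ( )
Algorithm: ec
Key length: 256
Flags: onboard key generation
Algorithm: ec
Key length: 384
Flags: onboard key generation
"""

# Constructed sample: copy of the pkcs11-tool --list-mechanisms output in the post.
MECHANISMS_TEXT = """\
Using slot 1 with a present token (0x1)
Supported mechanisms:
  SHA-1, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000
  ECDSA-SHA1, keySize={256,384}, hw, sign, other flags=0x1800000
  ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair, other flags=0x1800000
  RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify
  SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify
  MD5-RSA-PKCS, keySize={1024,3072}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, generate_key_pair
"""

class Algorithm(NamedTuple):
    name: str
    key_length: int
    flags: str

class Mechanism(NamedTuple):
    name: str
    min_key: int | None   # None for digest mechanisms, which carry no key size
    max_key: int | None
    flags: tuple          # remaining comma-separated tokens, e.g. ("hw", "sign")

def parse_algorithms(text: str) -> list[Algorithm]:
    """Group consecutive 'Algorithm:', 'Key length:', 'Flags:' lines into records."""
    records, cur = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Algorithm":
            cur = {"name": value, "key_length": 0, "flags": ""}
            records.append(cur)
        elif cur is not None and key == "Key length":
            cur["key_length"] = int(value)
        elif cur is not None and key == "Flags":
            cur["flags"] = value
    return [Algorithm(**r) for r in records]

def size_range(algs: list[Algorithm], name: str) -> tuple | None:
    """Smallest and largest advertised key length for one algorithm name."""
    sizes = [a.key_length for a in algs if a.name == name]
    return (min(sizes), max(sizes)) if sizes else None

MECH_RE = re.compile(r"^([\w./-]+),\s*(.*)$")
KEYSIZE_RE = re.compile(r"keySize=\{(\d+),(\d+)\}")  # pkcs11-tool prints {min,max}

def parse_mechanisms(text: str) -> list[Mechanism]:
    """Parse the lines after 'Supported mechanisms:' into Mechanism records."""
    mechs, in_list = [], False
    for line in text.splitlines():
        if line.strip() == "Supported mechanisms:":
            in_list = True
            continue
        m = MECH_RE.match(line.strip()) if in_list else None
        if not m:
            continue
        name, rest = m.groups()
        ks = KEYSIZE_RE.search(rest)
        lo, hi = (int(ks.group(1)), int(ks.group(2))) if ks else (None, None)
        flags = tuple(f.strip() for f in KEYSIZE_RE.sub("", rest).split(",") if f.strip())
        mechs.append(Mechanism(name, lo, hi, flags))
    return mechs

LEGACY_DIGESTS = ("MD5", "SHA1", "RIPEMD160")  # assumption: treated as legacy here

def policy_findings(mechs: list[Mechanism], min_rsa_bits: int = 2048) -> list[tuple]:
    """Return (mechanism, reason) pairs for mechanisms a policy would not allow for new keys."""
    findings = []
    for m in mechs:
        compact = m.name.replace("-", "").upper()          # "SHA-1" -> "SHA1"
        if any(d in compact for d in LEGACY_DIGESTS):
            findings.append((m.name, "legacy-digest"))
        if "RSA" in m.name and m.min_key is not None and m.min_key < min_rsa_bits:
            findings.append((m.name, "weak-rsa-min"))     # range starts below policy
    return findings

if __name__ == "__main__":
    algs = parse_algorithms(ALGORITHMS_TEXT)
    print("rsa:", size_range(algs, "rsa"), "ec:", size_range(algs, "ec"))
    for name, reason in policy_findings(parse_mechanisms(MECHANISMS_TEXT)):
        print(f"{reason:14s} {name}")
```

The findings only say what the module advertises; whether a 3072-bit RSA or P-384 key can actually be generated on the token is settled by trying `pkcs11-tool --keypairgen` with that size and seeing whether the card rejects it, which the listing cannot tell you.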