Yubico Forum
https://forum.yubico.com/

Slow RSA-2048 encryption/signing
https://forum.yubico.com/viewtopic.php?f=26&t=1207
Page 2 of 2

Author:  drazvan [ Fri Nov 08, 2013 8:04 pm ]
Post subject:  Re: Slow RSA-2048 encryption/signing

Thank you Jakob!

With your source code, running under JCOP Tools in Eclipse / Windows 7, here's my output:

Code:
cm>  /select 010203040506
 => 00 A4 04 00 06 01 02 03 04 05 06 00                ............
 (11589 usec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 0001000000
 => 00 01 00 00 00                                     .....
 (15141 msec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 0002000000
 => 00 02 00 00 00                                     .....
 (132184 usec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 000300000104
 => 00 03 00 00 01 04                                  ......
jcshell: Error code: -6 (Card terminal error)
jcshell: Communication problems: No response after sending APDU; Unknown return code (0x8010002F) [No response after sending APDU; Unknown return code (0x8010002F)]


So the key generation works (takes about 15 seconds), the signature initialization works (132ms) but the actual signing fails (the error code appears after about 30-40 seconds).

What happens when you try it?

Thank you,
Razvan
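Added example, not part of the original post or of any Yubico or JCOP tooling: a small Python parser for the jcshell transcript above that normalizes the mixed usec/msec timings to milliseconds and lists the commands that never received a status word. The function names `parse_jcshell` and `unanswered` are hypothetical; the transcript is the one from the post, without its last long error line.

```python
import re

# Transcript as shown in the post above (its final long jcshell error line is left out).
TRANSCRIPT = """\
cm>  /select 010203040506
 => 00 A4 04 00 06 01 02 03 04 05 06 00                ............
 (11589 usec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 0001000000
 => 00 01 00 00 00                                     .....
 (15141 msec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 0002000000
 => 00 02 00 00 00                                     .....
 (132184 usec)
 <= 90 00                                              ..
Status: No Error
cm>  /send 000300000104
 => 00 03 00 00 01 04                                  ......
jcshell: Error code: -6 (Card terminal error)
"""
UNIT_DIV = {"usec": 1000, "msec": 1}  # jcshell mixes units; normalize to milliseconds

def parse_jcshell(text):
    """Return one dict per command APDU: INS byte, elapsed ms, status word, error."""
    exchanges = []
    for line in text.splitlines():
        apdu = re.match(r"\s*(=>|<=)\s+((?:[0-9A-Fa-f]{2} )+)", line)
        timing = re.match(r"\s*\((\d+) (usec|msec)\)", line)
        if apdu and apdu.group(1) == "=>":  # command APDU: CLA INS P1 P2 ...
            exchanges.append({"ins": bytes.fromhex(apdu.group(2))[1], "ms": None, "sw": None, "error": None})
        elif not exchanges:
            continue  # nothing sent yet, ignore prompt and status lines
        elif apdu:  # response APDU: the last two bytes are the status word SW1 SW2
            exchanges[-1]["sw"] = bytes.fromhex(apdu.group(2))[-2:].hex().upper()
        elif timing:
            exchanges[-1]["ms"] = int(timing.group(1)) / UNIT_DIV[timing.group(2)]
        elif line.startswith("jcshell: Error code:"):
            exchanges[-1]["error"] = line.split(":", 1)[1].strip()
    return exchanges

def unanswered(exchanges):
    """INS bytes of commands for which the card never returned a status word."""
    return [e["ins"] for e in exchanges if e["sw"] is None]

if __name__ == "__main__":
    print(parse_jcshell(TRANSCRIPT), unanswered(parse_jcshell(TRANSCRIPT)))
```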

Author:  drazvan [ Tue Nov 19, 2013 1:52 pm ]
Post subject:  Re: Slow RSA-2048 encryption/signing

Hello again everyone,

The guys at Yubico have been kind enough to provide me with a second Neo to test on and everything works fine on the new one (RSA signatures with small inputs take about 1.5 seconds, they no longer hang for 30-40 seconds then return a timeout error).

The firmware version is the same (3.1.2) and I can't spot any differences in the ATR or the response to "/identify" in JCOP Tools. As far as I can tell the two Neos are identical, but one can sign just fine while the other one times out. This is with the exact same applet, same procedure to deploy, etc. It works on the new one and fails on the old one.

I wonder if this could be a hardware issue - the old unit has seen a lot more use (a lot of flash writes), but the problem appears to have something to do with the random number generator. Maybe the RNG is faulty on the old unit and the card fails to get enough secure random bytes to do its padding for the RSA signature.

Any ideas what I could try next?

Thanks again to the Yubico team for providing me with a replacement unit.

Razvan

All times are UTC + 1 hour