Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:44 pm

View unanswered posts | View active topics


Board index » Yubikey » Yubikey NEO

All times are UTC + 1 hour




Post new topic Reply to topic  Page 2 of 2
  [ 14 posts ]  Go to page Previous  1, 2
  Print view Previous topic | Next topic 
Author Message
air
PostPosted: Wed Jun 18, 2014 12:20 pm 
Offline

Joined: Tue Nov 05, 2013 3:08 am
Posts: 17
Thanks Klas, I wasn't aware of the ykneo-curves applet. I will check it out.
Does it store the private key or is it only used at run-time?

Is there any other PKCS#11 applets besides the PIV applet? I ask because my only reason for using PIV is to gain PKCS#11 support, but the PIV applet appears to be proprietary, since we are not able to perform upgrades of it. I want to be able to use 320-bit ECC, even if it doesn't conform to the PIV standard, such as by using the brainpoolp320r1 curve.
Top
 Profile  
Reply with quote  

Share On:
Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

Klas
PostPosted: Wed Jun 18, 2014 1:10 pm 
Offline
Site Admin
Site Admin

Joined: Thu Apr 19, 2012 1:45 pm
Posts: 148
Hard to be aware of it, it's been internal until this morning. It should only be viewed as a demonstrator/test for different ecc curves, nothing to be used as is. With that said though, it stores the keys it generates, one key per curve.

The openpgp applet might be possible to use for pkcs11 through opensc, though I haven't tried it and it might require some work. Apart from that the only thing Yubico has for pkcs11 is the PIV applet, which as you noted is proprietary and only available as is on shipped Neos.

The problem with adding other curves to the PIV applet is that no supporting software would work with those curves, everything would have to be modified to know about them. Windows wouldn't recognize the algorithm used, OpenSC wouldn't recognize it without patches, etc.

/klas
Top
 Profile  
Reply with quote  
air
PostPosted: Wed Jun 18, 2014 2:51 pm 
Offline

Joined: Tue Nov 05, 2013 3:08 am
Posts: 17
For OpenPGP I see there is a proposed standard for ECC, RFC 6637, but it is only a proposed standard at this stage. GPG 2.1, which is still in beta after ~3 years, has ECC, but you need to go into expert mode.

GPG has support for the curves based on OIDs so Brainpool curves, etc., can be used (all parties would need support of course).

Ah that makes sense. I saw it was only a couple of hours (at the time), but saw that it had earlier commits, these must have been from when it was private.

I will investigate OpenPGP and OpenSC further. Perhaps with the help from GPG's ECC code and ykneo-curves code it will be possible to add ECC support to the OpenPGP applet.

Thanks for the help Klas.
Top
 Profile  
Reply with quote  
hazza
PostPosted: Sun Nov 09, 2014 3:12 pm 
Offline

Joined: Wed Oct 22, 2014 5:16 pm
Posts: 5
Just a heads-up that GnuPG 2.1.0 has now been released as the 'modern' branch.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 2 of 2
  [ 14 posts ]  Go to page Previous  1, 2

Board index » Yubikey » Yubikey NEO

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 10 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group