Seed mode: 2047-bit signing sub-key length when generating from 2048-bit master key

[aryasenna]

I just found out Ledger generates 2047-bit RSA signing key and encryption key when seed mode is active.

sec   rsa2048/XXXXXXXXXXXXX  created: 2020-11-07  expires: never    --> master key
ssb>  rsa2047/XXXXXXXXXXXXX  created: 2020-11-07 expires: never     --> enc. key
                                card-no: 2C97 XXXXXXXX
ssb>  rsa2048/XXXXXXXXXXXXX  created: 2020-11-07 expires: never     --> auth. key
                                card-no: 2C97 XXXXXXXX
ssb>  rsa2047/XXXXXXXXXXXXX  created: 2020-11-07  expires: never    --> sign. key
                                card-no: 2C97 XXXXXXXX

When seed mode is off, the keys generated are of 2048-bit length.

This is probably a bug since it only happens with signature and encryption key. Authentication key is generated as 2048-bit key just fine.

Not the first time, it appears:

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/puttygen-keys-one-bit-short.html https://randomoracle.wordpress.com/2019/12/04/off-by-one-the-curious-case-of-2047-bit-rsa-keys/

The issue is a lot of tools happily mark RSA 2047 bit as insecure. :( So using Ledger's seed mode becomes impractical.

Paging @cslashm :)

[cedelavergne-ledger]

Hi, Doing more tests these days, also after the app refactoring on v2, the generated key is 2048 bits.

pub  rsa2048/29B9FFAA721E6714 2024-02-29 testkey
sec>  rsa2048/29B9FFAA721E6714  created: 2024-02-29  expires: never     
                                card-no: 2C97 955936E6
ssb>  rsa2048/4612132E5E57BE78  created: 2024-02-29  expires: never     
                                card-no: 2C97 955936E6
ssb>  rsa2048/6B18E9BCB1E7189B  created: 2024-02-29  expires: never     
                                card-no: 2C97 955936E6

Please double check...