Support for RSA 3072 and 4096 bit keys

[ryanswj]

Hey there.

I’d like to check if RSA 3072 and 4096 keys are supported, since the README doesn’t say anything about that, while also saying that it emulates a Yubikey 5, which does.

If it doesn’t, what is the limitation here?

As a side note, thank you so much for your effort and hard work creating this PivApplet!

Cheers, Ryan

[dengert]

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf is the latest PIV specification. In Part 2 "3.2.4 GENERAL AUTHENTICATE Card Command" it refers to: "Algorithm reference. See Table 14 and [SP800-78, Table 6-2]" i.e. https://csrc.nist.gov/publications/detail/sp/800-78/4/final "Table 6-2. Identifiers for Supported Cryptographic Algorithms" only lists for RSA: 1024 and 2048. https://csrc.nist.gov/publications/detail/sp/800-73/1/archive/2006-03-15 (which has been withdrawn did specify RSA 3072.

Google for: Yubikey PIV RSA 4096

https://www.vulnscan.org/yubikey-and-4096-bit-rsa-support/ Says the hardware can support 4096 when used with OpenPGP applet.

[ryanswj]

Got it, thanks for sharing. Looks like I got tricked by Yubico too...