canokeys / canokey-core

Core implementations of an open-source secure key
https://canokeys.org/
Apache License 2.0

[Feature request] Does CanoKey have the opportunity to support the RSA4096 algorithm in PIV mode #76

Closed PIKACHUIM closed 8 months ago

PIKACHUIM commented 8 months ago

I have noticed that RSA-4096 is supported in GPG mode. Can the algorithm of RSA-4096 also be supported in PIV mode? Unfortunately, I am not familiar with the code and related encryption algorithms of this project and do not know how to add them. If you would like to add RSA-4096, I would greatly appreciate it.

dangfan commented 8 months ago

Hi, please refer to this branch: https://github.com/canokeys/canokey-core/tree/feature/algo_ext

Headcrabed commented 8 months ago

> I have noticed that RSA-4096 is supported in GPG mode. Can the algorithm of RSA-4096 also be supported in PIV mode? Unfortunately, I am not familiar with the code and related encryption algorithms of this project and do not know how to add them. If you would like to add RSA-4096, I would greatly appreciate it.

RSA-4096 is not officially supported in the PIV spec, but NIST SP 800-78-5 (Initial Public Draft), which was released in September 2023, added RSA-3072 to the PIV spec, and the algo_ext branch already enabled that.

dangfan commented 8 months ago

Fixed by #78

PIKACHUIM commented 8 months ago

Sincere thanks!

I would like to discuss whether the algorithm for hardware keys needs to comply with standards (or drafts) from NIST. Here are some of my insights:

  1. NIST seems to be currently discussing the need to support RSA4096, and in fact, RSA4096 is already widely used elsewhere (usually referring to non-hardware key devices)

    NIST requests feedback on the potential need to support RSA with 4096-bit keys, or for the need to add support for the EdDSA signature algorithm that is now specified in FIPS 186-5.

  2. As a PIV function of a hardware key device, some functions (such as code/document/digital signature or identity authentication) can replace HSM devices, and the above functions have been widely used with the RSA4096 algorithm

The discussions or insights I have put forward may not be correct. Feel free to share your opinions and perspectives with me.

dangfan commented 8 months ago

Thank you for your advice. Let me clarify that we actually support several non-NIST algorithms before this draft. Since this commit, algorithm IDs can be configured dynamically. And the ID for RSA-3072 by default is the value from the draft standard. Hope you enjoy the extension.

PIKACHUIM commented 8 months ago

Thank you for your support. Looking forward to CanoKey products that support RSA3076, RSA4096, and ECC P521 appearing in my shopping cart.