MgmKey default algorithm changed from 3DES to AES-192 as of Firmware 5.7+.

iqlusioninc / yubikey.rs

Pure Rust YubiKey host-side driver for PIV-based RSA/ECC key storage + signing/encryption support

BSD 2-Clause "Simplified" License

218 stars 27 forks source link

MgmKey default algorithm changed from 3DES to AES-192 as of Firmware 5.7+. #579

Closed alechenthorne closed 3 months ago

alechenthorne commented 3 months ago

From yubico's docs:

The default management key (9B) on YubiKeys with firmware up to version 5.7 is a 3DES key with value 010203040506070801020304050607080102030405060708.

For YubiKeys with firmware version 5.7 and later, the default management key uses AES-192 instead of 3DES, The management key uses the same default value (3DES and AES-192 keys are the same length).

The MgmKey assumes 3DES for all cases currently.

alechenthorne commented 3 months ago

I realize now that pull request https://github.com/iqlusioninc/yubikey.rs/pull/578 addresses this. And issue #330 covers it. Closing.