<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html;

      charset=ISO-8859-15">

  </head>

  <body>

    <p><font face="Calibri">Bruce, <br>

      </font></p>

    <p><font face="Calibri">is that the only FIPS or CC portable crypto

        token available on the market, supporting at least 3072-bits RSA

        keys ?</font></p>

    <p><font face="Calibri">It seems to me there are not too many, and I

        think it would be a nasty thing it there was only one....</font></p>

    <p><font face="Calibri">Adriano</font></p>

    <p><font face="Calibri"></font><br>

    </p>

    <div class="moz-cite-prefix">Il 14/01/2021 19:51, Bruce Morton via

      Cscwg-public ha scritto:<br>

    </div>

    <blockquote type="cite"

cite="mid:01000177023cf488-62f5568f-4713-4b97-920d-1bee77452690-000000@email.amazonses.com">

      <pre class="moz-quote-pre" wrap="">SafeNet states that their eToken 5110 CC supports CC EAL5+, which I believe meets our requirement.

<a class="moz-txt-link-freetext" href="https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token">https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token</a>

<a class="moz-txt-link-freetext" href="https://cpl.thalesgroup.com/sites/default/files/content/product_briefs/field_document/2020-09/SafeNet_eToken_5110_PB_v20.pdf">https://cpl.thalesgroup.com/sites/default/files/content/product_briefs/field_document/2020-09/SafeNet_eToken_5110_PB_v20.pdf</a>  

Bruce.

-----Original Message-----

From: Cscwg-public <a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org"><cscwg-public-bounces@cabforum.org></a> On Behalf Of Dean Coclin via Cscwg-public

Sent: Thursday, January 14, 2021 1:22 PM

To: Tomas Gustavsson <a class="moz-txt-link-rfc2396E" href="mailto:tomas.gustavsson@primekey.com"><tomas.gustavsson@primekey.com></a>; <a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>

Subject: [EXTERNAL]Re: [Cscwg-public] FIPS token supporting RSA 3072

Thanks, this is the same token our team looked into and it does NOT support what they advertise.

Dean

-----Original Message-----

From: Cscwg-public <a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org"><cscwg-public-bounces@cabforum.org></a> On Behalf Of Tomas Gustavsson via Cscwg-public

Sent: Thursday, January 14, 2021 12:53 PM

To: <a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>

Subject: [Cscwg-public] FIPS token supporting RSA 3072

Hi,

I think I found, memory is bad since before holidays, the token I looked at then.

The YubiKey FIPS token is a bit strange:

<a class="moz-txt-link-freetext" href="https://www.yubico.com/products/yubikey-fips/">https://www.yubico.com/products/yubikey-fips/</a>

Here it says RSA 2048,

but here

<a class="moz-txt-link-freetext" href="https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS">https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS</a>

It says RSA3072 and 4096 with the OpenPGP module.

The FIPS certificate gives some technical details on HW and firmware...

<a class="moz-txt-link-freetext" href="https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de">https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de</a>

tails?source=RSA&number=2569

<a class="moz-txt-link-freetext" href="https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de">https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de</a>

tails?source=RSA&number=2569

"SLE78CLUFX3000PH e58230b8 with Infineon CL70 1.03.006" is probably a very common chip to use, then it's the token vendor that has to to the FIPS validation of course...

Still a bit confusing on the 3072 bit.

Regards,

Tomas

_______________________________________________

Cscwg-public mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>

<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>

_______________________________________________

Cscwg-public mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>

<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>

</pre>

    </blockquote>

  </body>

</html>