[Cscwg-public] FIPS token supporting RSA 3072
Dean Coclin
dean.coclin at digicert.com
Thu Jan 14 18:21:29 UTC 2021
Thanks, this is the same token our team looked into and it does NOT support
what they advertise.
Dean
-----Original Message-----
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tomas
Gustavsson via Cscwg-public
Sent: Thursday, January 14, 2021 12:53 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] FIPS token supporting RSA 3072
Hi,
I think I found, memory is bad since before holidays, the token I looked at
then.
The YubiKey FIPS token is a bit strange:
https://www.yubico.com/products/yubikey-fips/
Here it says RSA 2048,
but here
https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS
It says RSA3072 and 4096 with the OpenPGP module.
The FIPS certificate gives some technical details on HW and firmware...
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
tails?source=RSA&number=2569
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
tails?source=RSA&number=2569
"SLE78CLUFX3000PH e58230b8 with Infineon CL70 1.03.006" is probably a very
common chip to use, then it's the token vendor that has to to the FIPS
validation of course...
Still a bit confusing on the 3072 bit.
Regards,
Tomas
_______________________________________________
Cscwg-public mailing list
Cscwg-public at cabforum.org
https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210114/acf6177d/attachment-0001.p7s>
More information about the Cscwg-public
mailing list