[Cscwg-public] FIPS token supporting RSA 3072
Tomas Gustavsson
tomas.gustavsson at primekey.com
Thu Jan 14 18:54:03 UTC 2021
Very interesting, good info!
On 2021-01-14 19:21, Dean Coclin wrote:
> Thanks, this is the same token our team looked into and it does NOT support
> what they advertise.
>
> Dean
>
> -----Original Message-----
> From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tomas
> Gustavsson via Cscwg-public
> Sent: Thursday, January 14, 2021 12:53 PM
> To: cscwg-public at cabforum.org
> Subject: [Cscwg-public] FIPS token supporting RSA 3072
>
> Hi,
>
> I think I found, memory is bad since before holidays, the token I looked at
> then.
>
> The YubiKey FIPS token is a bit strange:
> https://www.yubico.com/products/yubikey-fips/
> Here it says RSA 2048,
>
> but here
> https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS
>
> It says RSA3072 and 4096 with the OpenPGP module.
>
> The FIPS certificate gives some technical details on HW and firmware...
> https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
> tails?source=RSA&number=2569
>
> https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
> tails?source=RSA&number=2569
>
> "SLE78CLUFX3000PH e58230b8 with Infineon CL70 1.03.006" is probably a very
> common chip to use, then it's the token vendor that has to to the FIPS
> validation of course...
>
> Still a bit confusing on the 3072 bit.
>
> Regards,
> Tomas
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
>
More information about the Cscwg-public
mailing list