[Cscwg-public] FIPS token supporting RSA 3072

Tomas Gustavsson tomas.gustavsson at primekey.com
Thu Jan 14 18:54:03 UTC 2021


Very interesting, good info!

On 2021-01-14 19:21, Dean Coclin wrote:
> Thanks, this is the same token our team looked into and it does NOT support
> what they advertise.
> 
> Dean
> 
> -----Original Message-----
> From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tomas
> Gustavsson via Cscwg-public
> Sent: Thursday, January 14, 2021 12:53 PM
> To: cscwg-public at cabforum.org
> Subject: [Cscwg-public] FIPS token supporting RSA 3072
> 
> Hi,
> 
> I think I found, memory is bad since before holidays, the token I looked at
> then.
> 
> The YubiKey FIPS token is a bit strange:
> https://www.yubico.com/products/yubikey-fips/
> Here it says RSA 2048,
> 
> but here
> https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS
> 
> It says RSA3072 and 4096 with the OpenPGP module.
> 
> The FIPS certificate gives some technical details on HW and firmware...
> https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
> tails?source=RSA&number=2569
> 
> https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
> tails?source=RSA&number=2569
> 
> "SLE78CLUFX3000PH e58230b8 with Infineon CL70 1.03.006" is probably a very
> common chip to use, then it's the token vendor that has to to the FIPS
> validation of course...
> 
> Still a bit confusing on the 3072 bit.
> 
> Regards,
> Tomas
> 
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
> 


More information about the Cscwg-public mailing list