[Cscwg-public] FIPS token supporting RSA 3072
Dean Coclin
dean.coclin at digicert.com
Thu Jan 14 18:56:32 UTC 2021
Our support team recently evaluated this. It's the one that is supposed to
be updated to support the levels sometime early this year. Perhaps what Ian
was referring to.
-----Original Message-----
From: Bruce Morton <Bruce.Morton at entrust.com>
Sent: Thursday, January 14, 2021 1:51 PM
To: Dean Coclin <dean.coclin at digicert.com>; cscwg-public at cabforum.org; Tomas
Gustavsson <tomas.gustavsson at primekey.com>
Subject: RE: [Cscwg-public] FIPS token supporting RSA 3072
SafeNet states that their eToken 5110 CC supports CC EAL5+, which I believe
meets our requirement.
https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authent
ication/etoken-5110-usb-token
https://cpl.thalesgroup.com/sites/default/files/content/product_briefs/field
_document/2020-09/SafeNet_eToken_5110_PB_v20.pdf
Bruce.
-----Original Message-----
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Dean
Coclin via Cscwg-public
Sent: Thursday, January 14, 2021 1:22 PM
To: Tomas Gustavsson <tomas.gustavsson at primekey.com>;
cscwg-public at cabforum.org
Subject: [EXTERNAL]Re: [Cscwg-public] FIPS token supporting RSA 3072
Thanks, this is the same token our team looked into and it does NOT support
what they advertise.
Dean
-----Original Message-----
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Tomas
Gustavsson via Cscwg-public
Sent: Thursday, January 14, 2021 12:53 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] FIPS token supporting RSA 3072
Hi,
I think I found, memory is bad since before holidays, the token I looked at
then.
The YubiKey FIPS token is a bit strange:
https://www.yubico.com/products/yubikey-fips/
Here it says RSA 2048,
but here
https://support.yubico.com/hc/en-us/articles/360013729079--YubiKey-C-FIPS
It says RSA3072 and 4096 with the OpenPGP module.
The FIPS certificate gives some technical details on HW and firmware...
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
tails?source=RSA&number=2569
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/de
tails?source=RSA&number=2569
"SLE78CLUFX3000PH e58230b8 with Infineon CL70 1.03.006" is probably a very
common chip to use, then it's the token vendor that has to to the FIPS
validation of course...
Still a bit confusing on the 3072 bit.
Regards,
Tomas
_______________________________________________
Cscwg-public mailing list
Cscwg-public at cabforum.org
https://lists.cabforum.org/mailman/listinfo/cscwg-public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4916 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210114/a2fd5f40/attachment-0001.p7s>
More information about the Cscwg-public
mailing list