You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Their algorithm IDs are slightly different. For once, RSA-3072 has been officially assigned id 0x05 https://csrc.nist.gov/pubs/sp/800/78/5/final and RSA-4096 seems to have settled on 0x16 (although I could not find an official source for this)
The nonstandard algorithm IDs for Curve25519 are also different on the yubikey firmware. Considering that NIST will not likely ever standardize the 25519 curve, it seems reasonable to align this implementation with yubico, considering their big prevalence in the market (and the fact that they can't ever change these numbers on old devices due to a lack of firmware updates, even if they were persuaded to do so).
These new algorithm IDs are slowly starting to appear in tooling, and it would be nice if they could be aligned for better compatibility :)
The text was updated successfully, but these errors were encountered:
Yubico has released firmware 5.7 for a while, which adds RSA-3072, RSA-4096, X25519 and ED25519 algorithm types. https://docs.yubico.com/hardware/yubikey/yk-tech-manual/5.7-firmware-specifics.html#generate-a-new-key-pair
Their algorithm IDs are slightly different. For once, RSA-3072 has been officially assigned id 0x05 https://csrc.nist.gov/pubs/sp/800/78/5/final and RSA-4096 seems to have settled on 0x16 (although I could not find an official source for this)
The nonstandard algorithm IDs for Curve25519 are also different on the yubikey firmware. Considering that NIST will not likely ever standardize the 25519 curve, it seems reasonable to align this implementation with yubico, considering their big prevalence in the market (and the fact that they can't ever change these numbers on old devices due to a lack of firmware updates, even if they were persuaded to do so).
These new algorithm IDs are slowly starting to appear in tooling, and it would be nice if they could be aligned for better compatibility :)
The text was updated successfully, but these errors were encountered: