-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Store longer keys on Yubikeys #446
Comments
|
After diving deeper into this, here is what I discovered:
However, even though I succeeded in generating these longer keys, our code still utilizes the PIV slot. I discovered this when implementing a command to export key-description data (which calculates key size based on the public key's length). This means that to start signing with longer keys, we'll need to completely rework our YubiKey code. Another issue is that the Python library's support is more limited compared to what the We could invoke the I am going to add the BIG DEAL label and move this to the backlog for now. We should conduct further research and have a discussion. |
Another possible solution is to use a different signing scheme. This might require some refactoring, but should be doable. Something like ECC P-384 seems to be supported by piv and is more secure than RSA 2048 |
There should no longer be a limitation of 2048 bits.
The text was updated successfully, but these errors were encountered: