On Feb 16, 2011, at 10:49 AM, Viktor TARASOV wrote: > On 15.02.2011 19:50, NdK wrote: >> On 15/02/2011 19:47, Viktor TARASOV wrote: >>> Sorry, this card can >>> generate key >>> 512bit. >>> For that the corresponding algorithm should be added to the list of the >>> card's algorithms. >>> >>> --- src/libopensc/card-myeid.c (révision 5194) >>> +++ src/libopensc/card-myeid.c (copie de travail) >>> @@ -100,6 +100,7 @@ >>> flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1 | >>> SC_ALGORITHM_ONBOARD_KEY_GEN; >>> flags |= SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1 >>> | SC_ALGORITHM_ONBOARD_KEY_GEN; >>> >>> + _sc_card_add_rsa_alg(card, 512, flags, 0); >>> _sc_card_add_rsa_alg(card, 1024, flags, 0); >>> _sc_card_add_rsa_alg(card, 2048, flags, 0); >> If the card could handle it (don't know, and not confident enough to >> recompile opensc), often 768 bits are used for med-low security apps. > The same can be done for 768bit key, and, I suppose, for all key sizes from > 512 to 2048 with the 64 bit step.
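Review bot: The added `_sc_card_add_rsa_alg(card, 512, flags, 0);` line registers 512-bit RSA with the same `flags` as 1024 and 2048, so it is advertised for on-board key generation (`SC_ALGORITHM_ONBOARD_KEY_GEN`) with no comment or guard marking it as a weak key size. A 512-bit RSA modulus is within reach of practical factoring, so I would at least add a comment above the new line saying it is registered only because the card supports it, and consider whether the 512-bit entry should be registered without the key-generation flag, or paired with a warning at generation time, so that new keys of that size are not created silently. Separately, in the context lines `SC_ALGORITHM_ONBOARD_KEY_GEN` is OR-ed into `flags` twice (in the assignment and again in the `|=` line); harmless, but it could be cleaned up while this block is being touched.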
The only question is: are you sure you want to do this? Small RSA keys are often used in low profile hardware, where the smaller calculation is easier to complete, these days EC would be a better option for resource-constrained environments... I would not dare to suggest turning <1024 key support off (which is the recommendation by several organizations) but giving a nice fat warning to the user when creating keys (not importing!) below 1024 (or 1024 keys when the card claims support for 2048) bits.

-- @MartinPaljak.net +3725156495