Hello On Thu, Sep 30, 2010 at 18:07, Douglas E. Engert <deeng...@anl.gov> wrote:
> With OpenSSL-1.0.0a pkcs11-tool -M shows: > > Supported mechanisms: > RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, keypairgen > > Without OPenSSL, pkc11-tool -M > RSA-PKCS, keySize={1024,3072}, sign, unwrap, decrypt > > Note that verify is not listed without OpenSSL, as the > pkcs11/openssl.c adds the OpenSSL hash and verify functions. Interesting. RSA-PKCS-KEY-PAIR-GEN should have nothing to do with OpenSSL. Also, OpenSC (and most smart cards) currently only do properly keys up to 2048 bits. opensc.h has #define SC_CARD_CAP_RSA_2048, JavaCard 2.2.2 has only KeyBuilder.LENGTH_RSA_2048 The suggested key sizes apparently only double over years, so 4096 seems more popular than 3072 for some reason :) _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel