Hello
On Thu, Sep 30, 2010 at 18:07, Douglas E. Engert <deeng...@anl.gov> wrote:
> With OpenSSL-1.0.0a pkcs11-tool -M shows:
>
> Supported mechanisms:
> RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, keypairgen
>
> Without OPenSSL, pkc11-tool -M
> RSA-PKCS, keySize={1024,3072}, sign, unwrap, decrypt
>
> Note that verify is not listed without OpenSSL, as the
> pkcs11/openssl.c adds the OpenSSL hash and verify functions.
Interesting. RSA-PKCS-KEY-PAIR-GEN should have nothing to do with
OpenSSL. Also, OpenSC (and most smart cards) currently only do
properly keys up to 2048 bits.
opensc.h has #define SC_CARD_CAP_RSA_2048, JavaCard 2.2.2 has only
KeyBuilder.LENGTH_RSA_2048
The suggested key sizes apparently only double over years, so 4096
seems more popular than 3072 for some reason :)
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
