Algorithm support #42

Open
4 of 9 tasks
sosthene-nitrokey opened this issue Dec 4, 2023 · 3 comments

@sosthene-nitrokey
Collaborator

Asymmetric keys

Symmetric keys (management)

  • AES 256
  • TDES (not recommended)
@stv0g

stv0g commented May 25, 2024

We should support the new PIV Card Algorithm Identifiers from NIST SP 800-78-5 ipd (Initial Public Draft):

| Algorithm Identifier | Algorithm – Mode |
|---|---|
| 0x00 | 3 Key Triple DES – ECB (deprecated) |
| 0x03 | 3 Key Triple DES – ECB (deprecated) |
| 0x05 | RSA 3072 bit modulus, 65537 ≤ exponent ≤ 2^256 - 1 |
| 0x06 | RSA 1024 bit modulus, 65537 ≤ exponent ≤ 2^256 - 1 |
| 0x07 | RSA 2048 bit modulus, 65537 ≤ exponent ≤ 2^256 - 1 |
| 0x08 | AES-128 – ECB |
| 0x0A | AES-192 – ECB |
| 0x0C | AES-256 – ECB |
| 0x11 | ECC: Curve P-256 |
| 0x14 | ECC: Curve P-384 |
| 0x27 | Cipher Suite 2 |
| 0x2E | Cipher Suite 7 |

RSA 3072, RSA 4096, X25519 and Ed25519 are now also supported by YubiKeys with firmware versions 5.7.0 and newer:

They use the following non-standard identifiers:

| Algorithm Identifier | Algorithm – Mode |
|---|---|
| 0x16 | RSA 4096 bit modulus, 65537 ≤ exponent ≤ 2^256 - 1 |
| 0xE0 | Ed25519 |
| 0xE1 | X25519 |

See: YubiKey 5.7 Firmware Specifics

Please note that 0xE0 and 0xE1 are clashing with piv-authenticator's current non-standard IDs:

```rust
P521 = 0x15,
// non-standard!
Rsa3072 = 0xE0,
Rsa4096 = 0xE1,
Ed25519 = 0xE2,
X25519 = 0xE3,
Ed448 = 0xE4,
X448 = 0xE5,
// non-standard! picked by Alex, but maybe due for removal
P256Sha1 = 0xF0,
P256Sha256 = 0xF1,
P384Sha1 = 0xF2,
P384Sha256 = 0xF3,
P384Sha384 = 0xF4,
```

@stv0g

stv0g commented May 25, 2024

I propose we adjust the piv-authenticator non-standard IDs with those from Yubico, as we have the flexibility to update firmware, which YubiKeys do not, and it would improve interoperability.
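
The clash and the proposed alignment from the two comments above, worked through as an added example (not piv-authenticator code and not part of the thread). The ID values are transcribed from the tables and enum quoted above; the function names and the normalisation of algorithm names to the enum's variant names are assumptions made for the comparison.

```rust
// Added example. ID tables are transcribed from this thread; algorithm names are
// normalised to piv-authenticator's variant names (an assumption for comparison).
type Table = [(u8, &'static str)];

/// IDs from the quoted piv-authenticator enum.
const LOCAL: &Table = &[
    (0x15, "P521"), (0xE0, "Rsa3072"), (0xE1, "Rsa4096"), (0xE2, "Ed25519"),
    (0xE3, "X25519"), (0xE4, "Ed448"), (0xE5, "X448"),
];
/// IDs a host expects: SP 800-78-5 ipd (0x05) and YubiKey 5.7 (0x16, 0xE0, 0xE1).
const REFERENCE: &Table = &[
    (0x05, "Rsa3072"), (0x16, "Rsa4096"), (0xE0, "Ed25519"), (0xE1, "X25519"),
];

/// Same byte, different algorithm: (id, local algorithm, reference algorithm).
fn collisions(local: &Table, reference: &Table) -> Vec<(u8, &'static str, &'static str)> {
    let mut out = Vec::new();
    for &(id, alg) in local {
        for &(rid, ralg) in reference {
            if rid == id && ralg != alg { out.push((id, alg, ralg)); }
        }
    }
    out
}

/// The reference ID for an algorithm, if the reference table defines one.
fn reference_id(alg: &str, reference: &Table) -> Option<u8> {
    reference.iter().find(|&&(_, ralg)| ralg == alg).map(|&(rid, _)| rid)
}

/// Renumber local entries to the reference IDs. Err(id) if a byte ends up
/// claimed by two different algorithms after the move.
fn aligned(local: &Table, reference: &Table) -> Result<Vec<(u8, &'static str)>, u8> {
    let mut out: Vec<(u8, &'static str)> = Vec::new();
    for &(id, alg) in local {
        let new_id = match reference_id(alg, reference) {
            Some(rid) => rid,
            None if reference.iter().any(|&(rid, _)| rid == id) => return Err(id),
            None => id,
        };
        if out.iter().any(|&(used, _)| used == new_id) { return Err(new_id); }
        out.push((new_id, alg));
    }
    Ok(out)
}

fn main() {
    println!("collisions: {:02X?}", collisions(LOCAL, REFERENCE));
    println!("aligned:    {:02X?}", aligned(LOCAL, REFERENCE));
}
```

With the values from this thread, the renumbering leaves no byte assigned to two algorithms; Ed448 and X448 keep 0xE4 and 0xE5 because neither reference table lists them.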

@mmerklinger

Final publication of NIST SP 800-78-5.
