Using PKINIT with ECC
Goetz Golla
mit at sec4mail.de
Fri Jan 26 02:01:12 EST 2024
On 1/11/24 15:41, Ken Hornstein wrote:
> But here is some snippets of the PKCS#11 code in MIT Kerberos:
>
> When specifying the search parameters to find the private key:
>
> keytype = CKK_RSA;
> attrs[nattrs].type = CKA_KEY_TYPE;
> attrs[nattrs].pValue = &keytype;
> attrs[nattrs].ulValueLen = sizeof keytype;
> nattrs++;
>
> When setting the key signing mechanism:
>
> /*
> * We'd like to use CKM_SHA256_RSA_PKCS for signing if it's available, but
> * historically many cards seem to be confused about whether they are
> * capable of mechanisms or not. The safe thing seems to be to ignore the
> * mechanism list, always use CKM_RSA_PKCS and calculate the sha256 digest
> * ourselves.
> */
> id_cryptoctx->mech = CKM_RSA_PKCS;
>
> Those are all hardcoded use of RSA keys and signing mechanisms and it
> doesn't handle ECC at all. So unless the Yubico library ignored the
> key type and mechanism (which I think would be extremely unlikely but
> not impossible) I suspect you were using RSA back during your original
> testing and didn't realize it.
>
> --Ken
Its good to know the reason why MIT Kerberos cannot handle EC
certificates right now.
I know that NIST is happy with RSA 2048, but in Europe RSA >= 3072 is
already mandatory, and this key size makes small devices like the
Yubikeys very slow when generating the keys. In fact, Yubikeys only
support RSA <=2048.
So is there a way to submit a feature request for ECDSA support in MIT
Kerberos ?
-- Goetz
More information about the Kerberos
mailing list