Exponent of 3 for 4096 bit RSA keys on Nitrokey HSM2

TonyDevC1 · February 15, 2022, 2:50pm

Hi,

I know this has already been discussed here:

Supported exponents for 4096 bit RSA keys on Nitrokey Pro

but it would be very useful to know of the Nitrokey HSM2 also supports 4096 RSA keys with an exponent of 3. Also, is it possible for the key to be generated on the key with an exponent of 3?

BTW I acknowledge that there will be a degradation in the strength of the encryption with this exponent.

Regards,
Tony.

sc-hsm · February 17, 2022, 2:19pm

You can specify the public exponent at the APDU level in the GENERATE ASYMMETRIC KEY PAIR command:

F5 C: 00 46 01 00 - GENERATE ASYMMETRIC KEY PAIR Lc=61 Extended
      0007  5F 29 01 00 42 0E 44 45 43 41 30 30 30 30 31 30  _)..B.DECA000010
      0017  30 30 30 31 7F 49 13 06 0A 04 00 7F 00 07 02 02  0001.I..........
      0027  02 01 02 82 01 03 02 02 10 00 5F 20 10 55 54 54  .........._ .UTT
      0037  45 53 54 4B 45 59 30 31 30 30 30 30 30           ESTKEY0100000
      Le=0 Extended

The public exponent is defined in Tag 82 at offset 0x002A. The middleware always sets 65537 as default.

Disclaimer: Using a public exponent other than 65537 is outside the CC-certified algorithms for the platform.

My1 · April 17, 2022, 12:48am

I am curious, why do you want an exponent of 3?