- From: Emil Lundberg via GitHub <noreply@w3.org>
- Date: Fri, 26 Sep 2025 10:19:00 +0000
- To: public-webauthn@w3.org
2048- or 3072-bit keys is certainly more "canonical", but COSE doesn't require a specific size for RS256 keys. RS256 is defined in [RFC 8812](https://www.rfc-editor.org/rfc/rfc8812.html#name-rsassa-pkcs1-v1_5-signature), which only requires: >A key of size 2048 bits or larger MUST be used with these algorithms. [...] so 3482 bits for RS256 is at least a legal COSE representation. I think 3072 bits is probably the most "canonical" for RS256, to match the 128-bit [security level](https://en.wikipedia.org/wiki/Security_level#Typical_levels) of SHA-256, but I too am not an expert on this. The reason it's 3482 bits is just by nature of being a test vector: To prevent any suspicion that the test vectors are somehow maliciously constructed, I chose to derive them deterministically so that they can be easily reproduced and verified. EC keys are easy to generate using HKDF, but this doesn't work as easily for RSA since you'd have to run rejection sampling to find primes, which is slow and complicates the code a lot. So instead I chose to just hard-code an "appropriately obvious and natural" choice of primes, and for simplicity I chose [the two smallest Mersenne primes 2<sup>p</sup>-1 for p >= 1024](https://github.com/w3c/webauthn/blob/1147dcca0892af7a7cc1ebd756e851230139aae8/test-vectors/webauthn-test-vectors.py#L755-L757) since these have a compact representation that's easy to look up and compare. Those are p=1279 and p=2203, so the key indeed ends up at 3482 bits in size. > I couldn't create a key from RSA parameters due to the modulus not being an expected length. Could you elaborate on this? Do you have a particular tool that rejects this key due to the unconventional size? -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2333#issuecomment-3337941066 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 26 September 2025 10:19:01 UTC