OpenPGP smartcard and supported curves

OpenPGP smartcard and supported curves

Ben Kibbey
Hi all,

I have a version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
working. I have tried generating a signing key on-card and also
importing via the keytocard command of --card-edit with both methods
returning an 'Invalid value' error. The nist keys work fine. Is this a
limitation of the card?

Thanks,

--
Ben Kibbey

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Re: OpenPGP smartcard and supported curves

GnuPG - Dev mailing list
Hi Ben,

On 09.02.2021 06:37, Ben Kibbey wrote:
> I have a version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
> working. I have tried generating a signing key on-card and also
> importing via the keytocard command of --card-edit with both methods
> returning an 'Invalid value' error. The nist keys work fine. Is this a
> limitation of the card?

I haven't seen this error personally, but just for completeness' sake you
may change the key card attribute if you didn't try that:

$ gpg --edit-card
gpg/card> admin
gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519
   (4) NIST P-384
Your selection? 1
gpg/card> generate

(adapted from
https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements_to_OpenPGP_3.4.html).

Kind regards,
Wiktor

Re: OpenPGP smartcard and supported curves

Ingo Klöcker
In reply to this post by Ben Kibbey
Hi,

I think the gnupg-users mailing list would have been the more appropriate
mailing list for your message.

On Tuesday, 9 February 2021 06:37:02 CET Ben Kibbey wrote:
> Hi all,
>
> I have a version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
> working. I have tried generating a signing key on-card and also
> importing via the keytocard command of --card-edit with both methods
> returning an 'Invalid value' error. The nist keys work fine. Is this a
> limitation of the card?

Which version of gpg (gpg --version) are you using? Which commands did you
use? What was the exact output? Did you try to track down the problem by
enabling more verbose/debug output?

The current development version which is going to become gpg 2.3 has seen a
lot of improvements for smartcards. Since you are writing to the development
mailing list, I suggest that you give gpg 2.3 a try (after compiling it
yourself).

I think "Invalid value" points more to a limitation of gpg (probably scdaemon)
than a limitation of the card.

Regards,
Ingo

Re: OpenPGP smartcard and supported curves

GnuPG - Dev mailing list
In reply to this post by GnuPG - Dev mailing list
On Tue,  9 Feb 2021 08:33, Wiktor Kwapisiewicz said:

> Please select which elliptic curve you want:
>   (1) Curve 25519

Note that this is for a Yubikey and not for a Zeitcontrol card.  The
OpenPGP spec allows for Curve25519 but not all implementations support
it.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
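
Added example, not part of the thread and not GnuPG code: a Python decoder for the per-key attribute that key-attr changes, useful for checking which algorithm and curve a key slot is actually set to. It assumes the Algorithm Attributes layout of the OpenPGP card specification (algorithm ID byte, then for ECC the curve OID and an optional import-format byte); the function names and the sample byte strings in the comments are constructed for illustration.

```python
# Added example: decode an OpenPGP card "Algorithm Attributes" value.
# Assumed layout: [algo id][curve OID bytes][optional 0xFF] for ECC,
# [0x01][modulus bits, 2 bytes][exponent bits, 2 bytes][format] for RSA.
ALGO_IDS = {0x01: "RSA", 0x12: "ECDH", 0x13: "ECDSA", 0x16: "EdDSA"}

CURVES = {
    "1.3.6.1.4.1.11591.15.1": "Ed25519",
    "1.3.6.1.4.1.3029.1.5.1": "Curve25519",
    "1.2.840.10045.3.1.7": "NIST P-256",
    "1.3.132.0.34": "NIST P-384",
    "1.3.132.0.35": "NIST P-521",
}

def decode_oid(body: bytes) -> str:
    """Decode DER OID content bytes (no tag or length) to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit = "more"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                          # first byte packs two arcs
    head = (2, first - 80) if first >= 80 else divmod(first, 40)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def parse_key_attr(attr: bytes) -> dict:
    """Return the algorithm and curve (or RSA sizes) a key slot is set to."""
    if not attr or attr[0] not in ALGO_IDS:
        raise ValueError("unknown or missing algorithm ID")
    algo = ALGO_IDS[attr[0]]
    if algo == "RSA":
        if len(attr) < 5:
            raise ValueError("short RSA attribute")
        return {"algo": algo,
                "modulus_bits": int.from_bytes(attr[1:3], "big"),
                "exponent_bits": int.from_bytes(attr[3:5], "big")}
    body = attr[1:]
    if body.endswith(b"\xff"):               # optional import-format byte;
        body = body[:-1]                     # never a valid final OID byte
    oid = decode_oid(body)
    return {"algo": algo, "oid": oid, "curve": CURVES.get(oid, "unknown")}

# Constructed samples: 16 2b06010401da470f01 -> EdDSA on Ed25519,
# 13 2b81040022 ff -> ECDSA on NIST P-384, 01 0800 0020 00 -> RSA 2048.
```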