From jscott at posteo.net Thu Nov 14 00:05:03 2024
From: jscott at posteo.net (John Scott)
Date: Wed, 13 Nov 2024 23:05:03 +0000
Subject: Certificate Authority using ed25519 key on Gnuk?
In-Reply-To: <6381b4ed-872f-4861-8cf6-7089672f5ca5@terminada.io>
References: <87ttdszpl2.fsf@akagi.fsij.org> <6381b4ed-872f-4861-8cf6-7089672f5ca5@terminada.io>
Message-ID:

I'm just stumbling on this thread from last month, but since it's a question I've pondered before I thought I'd better share my thoughts late rather than never.

> It seems strange to me that more people don't want to use ed25519 keys protected by a smartcard as the basis for their self-signed CA.

One reason that it hasn't seen much adoption at all is that, for TLS certificates, the CA/Browser Forum only permits CAs to issue RSA and NIST curve certificates. This can be seen at
https://cabforum.org/working-groups/server/baseline-requirements/documents/CA-Browser-Forum-TLS-BR-2.0.9.pdf#3a
and the relevant request to change this, which was refused, is at
https://github.com/cabforum/servercert/issues/451

This explains why application support for X.509 certificates using other curves is very hard to come by. I agree that for an internal CA or when using certificates for purposes other than TLS this should at least be possible, but the use case is esoteric and low-priority, at least for now.

>>> It appears that gpgsm supports creating a self signed CA but maybe only for RSA keys?
>> I don't know for X.509 CA use cases.
> Yes, it seems that the failure relates to unimplemented functionality in gpg-agent / gpgsm, rather than Gnuk.

One option to explore which I haven't tried yet is to avoid using the GnuPG suite altogether for this application, and instead use OpenSC to talk to your card directly (although if you've already generated keys with GnuPG, then it's okay to leave those as-is and you don't need new ones).

OpenSC has a PKCS#11 module that can expose many of its backends (namely the OpenPGP card/Gnuk backend) for crypto operations. This is kind of like Scute, except instead of letting gpg-agent and scdaemon do the talking to the hardware, OpenSC handles this. The PKCS#11 module exposes your Gnuk as a device capable of raw public key operations, so you can use any PKCS#11-capable application or library (including OpenSSL or GnuTLS) to create an X.509 certificate using the raw public key and do signing and decrypting operations.

This page from Nitrokey in regards to the Nitrokey Start will likely steer you in the right direction:
https://docs.nitrokey.com/nitrokeys/features/openpgp-card/smime/index