Certificate Authority using ed25519 key on Gnuk?

NIIBE Yutaka gniibe at fsij.org
Fri Oct 4 02:20:09 CEST 2024


Terminada wrote:
> Is it possible to set up a self signed certificate authority using an 
> ed25519 key protected by a Gnuk (FST-01sz) device?

I think that you mean X.509 certificate.  In theory, it is possible;
Gnuk handles private keys and their crypto operations (in this case,
it's signing with Ed25519) and it's up to the host side to determine the
purpose of the raw signature produced by Gnuk.

> It appears that gpgsm supports creating a self signed CA but maybe only 
> for RSA keys?

I don't know about X.509 CA use cases.  Could you please ask gnupg-devel?

For X.509 Ed25519 support, it would not be tested well or it's buggy,
and the UI is not that good.  Although I don't know if it's related, for
X.509 EdDSA certificates, I can find this commit:

    https://dev.gnupg.org/rG6dc3846d78192e393be73c16c72750734a9174d1

-- 



More information about the Gnuk-users mailing list
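
The division of labour described in the reply above, as an added example that is not part of the original message and is not Gnuk or GnuPG code: the host assembles the RFC 5280 TBSCertificate for a self-signed Ed25519 CA and wraps the 64-byte raw signature returned by a `sign` callback standing in for the token. The callback, subject name, dates and key bytes are assumptions; how the bytes reach a Gnuk device is outside the example.

```python
ED25519 = bytes.fromhex("300506032b6570")  # AlgorithmIdentifier: OID 1.3.101.112, no parameters (RFC 8410)

def tlv(tag, body):
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def seq(*parts):
    return tlv(0x30, b"".join(parts))

def name(cn):
    # Name holding a single commonName (OID 2.5.4.3) as UTF8String
    return seq(tlv(0x31, seq(bytes.fromhex("0603550403"), tlv(0x0C, cn.encode()))))

def ca_extensions():
    crit = bytes.fromhex("0101ff")  # BOOLEAN TRUE, used for "critical" and for cA
    basic = seq(bytes.fromhex("0603551d13"), crit, tlv(0x04, seq(crit)))  # basicConstraints cA=TRUE
    usage = seq(bytes.fromhex("0603551d0f"), crit,
                tlv(0x04, bytes.fromhex("03020106")))  # keyUsage keyCertSign|cRLSign
    return tlv(0xA3, seq(basic, usage))  # [3] EXPLICIT Extensions

def build_tbs(cn, pubkey, serial, not_before, not_after):
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    who = name(cn)  # self-signed: issuer and subject are the same Name
    serial_der = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    validity = seq(tlv(0x17, not_before.encode()), tlv(0x17, not_after.encode()))  # UTCTime
    spki = seq(ED25519, tlv(0x03, b"\x00" + pubkey))
    version = bytes.fromhex("a003020102")  # [0] EXPLICIT INTEGER 2 (v3)
    return seq(version, serial_der, ED25519, who, validity, who, spki, ca_extensions())

def self_signed_ca(cn, pubkey, serial, not_before, not_after, sign):
    tbs = build_tbs(cn, pubkey, serial, not_before, not_after)
    sig = sign(tbs)  # RFC 8410: Ed25519 signs the DER TBSCertificate itself, no pre-hash
    if len(sig) != 64:
        raise ValueError("Ed25519 signature must be 64 bytes")
    return seq(tbs, ED25519, tlv(0x03, b"\x00" + sig))

if __name__ == "__main__":
    # Constructed placeholders: not a real key, and the stub output is NOT a valid
    # signature, so this certificate will not verify. A real `sign` asks the token.
    stub = lambda tbs: b"\x5a" * 64
    cert = self_signed_ca("Example Root", bytes(range(32)), 1,
                          "240101000000Z", "340101000000Z", stub)
    print(len(cert), cert.hex())
```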