Help with new board Blue Pill Plus with gnuk
Frédéric SUEL
frederic.suel at free.fr
Tue Feb 18 12:29:39 CET 2025
Hi,
I think it becomes clear to me (see below). Thanks.
---------------------------------------------------------------
I understand that with Gnuk 2.2:
-- $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye tells me all the
algorithms available on the Gnuk Card (see below with my Blue Pill Plus
board)
--------
gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK
--------
-- gpg --expert --card-edit shows me all algorithms available with GnuPG,
even algorithms not available in the Gnuk Card, such as RSA and ECC choice
numbers 3, 4, 5, 6, 7 and 8 in the example (see below with my Blue Pill Plus board)
--------
$ gpg --expert --card-edit
Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: secp256k1 secp256k1 secp256k1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ?
--------
---------------------------------------------------------------
I tried to configure the board first with secp256k1, then with Curve 448,
and:
-- I can select both algorithms, and the result with the list command is OK
- but I can't generate keys with secp256k1; I get "Échec de génération
de la clef : Conditions d'utilisation non satisfaites": failed to
generate key: conditions of use not satisfied
- but I can't generate keys with Curve 448; I get "Échec de génération
de la clef : Erreur de carte": failed to generate key: board error
Curve 25519 key generation works fine.
With GnuPG 2.4.4 on Linux Mint 21.3
Best regards
On 18/02/2025 at 02:10, NIIBE Yutaka wrote:
> Hello,
>
> Frédéric SUEL <frederic.suel at free.fr> wrote:
>> Yes, i made the test twice (compiling and executing).
> Thank you for your confirmation.
>
> I think that I misunderstood your questions.
>
> In the previous mail of yours, you wrote:
>> 1) RSA support with key-attr is always available but doesn't work
>> 2) I can't find with key-attr X448 or Ed448 support
> And then, I asked:
>> Are you sure if it's Gnuk 2.2? As the CLI interaction example above
>> shows, it works for me (no RSA, has X448 and Ed448 support).
> With Gnuk 2.2, you can confirm that there is no RSA support
> but X448 and Ed448 support by executing the following command:
>
> $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
>
>
> Here is my revised answer.
>
> * UI of GnuPG always asks users blindly for RSA option, even if the
> card/token doesn't have RSA support. I agree that it's good to be
> improved.
>
> * You need --expert option with "gpg --card-edit" to enable other ECC
> support like X448 and Ed448.
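
Added example (not part of the original mail, and not Gnuk or GnuPG code): a shell check that compares an algorithm name against the KEY-ATTR-INFO status lines the card returns, since the key-attr menu offers curves whether or not the card has them. The function names are hypothetical, the sample input is constructed from the output quoted in the mail, and nistp256 and brainpoolP256r1 are GnuPG's curve names for menu choices 3 and 6.

```shell
#!/bin/sh
# Added example: compare an algorithm name with what the card advertises
# before selecting it under key-attr in "gpg --expert --card-edit".

# Sample input, constructed from the KEY-ATTR-INFO status lines quoted in
# the mail above (Gnuk 2.2 on a Blue Pill Plus), one status line per row.
SAMPLE_KEY_ATTR_INFO='S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK'

# For a live card, set this first (command taken from the mail):
#   KEY_ATTR_INFO=$(gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye)
KEY_ATTR_INFO=${KEY_ATTR_INFO:-$SAMPLE_KEY_ATTR_INFO}

# list_card_algos SLOT (hypothetical helper): read status lines on stdin and
# print the algorithm names advertised for SLOT.
# OPENPGP.1 = signature, OPENPGP.2 = encryption, OPENPGP.3 = authentication.
list_card_algos() {
    awk -v slot="$1" \
        '$1 == "S" && $2 == "KEY-ATTR-INFO" && $3 == slot { print $4 }'
}

# card_supports SLOT ALGO: succeed only if ALGO is advertised for SLOT.
card_supports() {
    list_card_algos "$1" | grep -qxF -- "$2"
}

# unsupported_choices SLOT ALGO...: print each ALGO that the card does not
# advertise for SLOT, reading the status text from $KEY_ATTR_INFO.
unsupported_choices() {
    slot=$1
    shift
    for algo in "$@"; do
        printf '%s\n' "$KEY_ATTR_INFO" | card_supports "$slot" "$algo" ||
            printf '%s\n' "$algo"
    done
}

# Demo: ed448 is advertised for the signature slot; the two GnuPG curve
# names behind menu choices 3 and 6 are not, so only those are printed.
unsupported_choices OPENPGP.1 ed448 nistp256 brainpoolP256r1
```

Being advertised is necessary but not sufficient: the mail above reports key generation failing for secp256k1 and Curve 448 even though the card lists both.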