<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Noto Serif">Hi, <br>
</font></p>
<p><font face="Noto Serif">I think it becomes clear for me (see
below). Thanks.</font></p>
<p><font face="Noto Serif">---------------------------------------------------------------<br>
</font></p>
<p><font face="Noto Serif">I understand that with Gnuk 2.2 :<br>
</font></p>
<p><font face="Noto Serif">--</font><span
style="white-space: pre-wrap"> $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye tells me all the algorithms available on the Gnuk Card (</span><span
style="white-space: pre-wrap">see below with my Blue Pill Plus board)</span></p>
<p><span style="white-space: pre-wrap">--------</span></p>
<p><span style="white-space: pre-wrap">gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK
</span><span style="white-space: pre-wrap">--------</span></p>
<p><span style="white-space: pre-wrap">-- gpg --expert --card-edit shows me all algorithms available with GnuPG, even algorithms not available in Gnuk Card as RSA and ECC/choice number 3, 4, 5, 6, 7 and 8 in the example (see below </span><span
style="white-space: pre-wrap"> with my Blue Pill Plus board</span><span
style="white-space: pre-wrap">)</span></p>
<p><span style="white-space: pre-wrap">--------
</span></p>
<p><span style="white-space: pre-wrap">$ gpg --expert --card-edit
Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: secp256k1 secp256k1 secp256k1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
gpg/carte> admin
Les commandes d'administration sont permises
gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
(1) RSA
(2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
(1) Curve 25519 *default*
(2) Curve 448
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Quel est votre choix ?
</span><span style="white-space: pre-wrap">--------</span></p>
<p><span style="white-space: pre-wrap">---------------------------------------------------------------</span></p>
<p><span style="white-space: pre-wrap">I tried to configure the board first with secp256k1 then with Curve 448 and:</span></p>
<p><span style="white-space: pre-wrap">-- I can select both algorithms, and the result with the list command is ok</span></p>
<p><span style="white-space: pre-wrap">- but, I can't generate keys with </span><span
style="white-space: pre-wrap">secp256k1, I get "Échec de génération de la clef : Conditions d'utilisation non satisfaites" : </span><span
style="white-space: pre-wrap">fail to generate key : used conditions not satisfied</span></p>
<p><span style="white-space: pre-wrap">- but, I can't generate keys with </span><span
style="white-space: pre-wrap">Curve 448, I get "Échec de génération de la clef : Erreur de carte" : fail to generate key : board error</span></p>
<p><span style="white-space: pre-wrap">Curve 25519 keys generation works fine
</span></p>
<p><span style="white-space: pre-wrap">With GnuPG 2.4.4 on Linux Mint 21.3
</span></p>
<p><span style="white-space: pre-wrap">Best regards
</span></p>
<div class="moz-cite-prefix">On 18/02/2025 at 02:10, NIIBE Yutaka
wrote:<br>
</div>
<blockquote type="cite" cite="mid:87zfikkqgz.fsf@haruna.fsij.org">
<pre wrap="" class="moz-quote-pre">Hello,
Frédéric SUEL <a class="moz-txt-link-rfc2396E" href="mailto:frederic.suel@free.fr">&lt;frederic.suel@free.fr&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">Yes, i made the test twice (compiling and executing).
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
Thank you for your confirmation.
I think that I misunderstood your questions.
In the previous mail of yours, you wrote:
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">1) RSA support with key-attr is always available but doesn't work
2) I can't find with key-attr X448 or Ed448 support
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
And then, I asked:
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">Are you sure if it's Gnuk 2.2? As the CLI interaction example above
shows, it works for me (no RSA, has X448 and Ed448 support).
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
With Gnuk 2.2, you can confirm that there is no RSA support
but X448 and Ed448 support by executing following command:
$ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
Here is my revised answer.
* UI of GnuPG always asks users blindly for RSA option, even if the
card/token doesn't have RSA support. I agree that it's good to be
improved.
* You need --expert option with "gpg --card-edit" to enable other ECC
support like X448 and Ed448.
</pre>
</blockquote>
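<p>Added example, not part of the original message or of GnuPG/Gnuk: a shell check that compares the KEY-ATTR-INFO reply quoted above with the nine curve choices of the <code>gpg --expert --card-edit</code> menu and reports, per slot, which menu numbers the card does not advertise. The function names and the <code>KEY_ATTR_REPLY</code> variable are hypothetical, and the NIST/Brainpool algorithm names are assumed to follow GnuPG's usual curve naming.</p>

```shell
# Constructed sample: the KEY-ATTR-INFO reply quoted in the message above.
SAMPLE_REPLY='S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK'

# For a real token, export KEY_ATTR_REPLY with the output of the gpg-connect-agent command.
KEY_ATTR_REPLY=${KEY_ATTR_REPLY:-$SAMPLE_REPLY}

# card_algos SLOT: algorithms advertised for slot 1 (sign), 2 (decrypt), 3 (auth).
card_algos() {
    printf '%s\n' "$KEY_ATTR_REPLY" |
        awk -v s="OPENPGP.$1" '$1=="S" && $2=="KEY-ATTR-INFO" && $3==s {print $4}'
}

# card_supports SLOT ALGO: exit status 0 only if the card lists ALGO for SLOT.
card_supports() {
    card_algos "$1" | grep -qxF -- "$2"
}

# menu_algo SLOT CHOICE: algorithm name that curve menu entry CHOICE (1-9) selects.
# Assumption: GnuPG's usual curve names; slot 2 uses cv*, slots 1 and 3 use ed*.
menu_algo() {
    if [ "$1" = 2 ]; then p=cv; else p=ed; fi
    case $2 in
        1) echo "${p}25519" ;;     2) echo "${p}448" ;;
        3) echo nistp256 ;;        4) echo nistp384 ;;   5) echo nistp521 ;;
        6) echo brainpoolP256r1 ;; 7) echo brainpoolP384r1 ;;
        8) echo brainpoolP512r1 ;; 9) echo secp256k1 ;;
        *) return 1 ;;
    esac
}

# unadvertised_choices SLOT: menu numbers the card does not advertise for SLOT.
unadvertised_choices() {
    out=
    for n in 1 2 3 4 5 6 7 8 9; do
        card_supports "$1" "$(menu_algo "$1" "$n")" || out="$out$n "
    done
    echo "${out% }"
}

for slot in 1 2 3; do echo "slot $slot: not advertised: $(unadvertised_choices "$slot")"; done
```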
</body>
</html>