ECC and smartcards

Werner Koch wk at
Fri Feb 15 13:53:58 CET 2013

On Fri, 15 Feb 2013 08:03, gniibe at said:

> I think that it's good if GnuPG 2.1 comes with the ECDSA/ECDH support
> for smartcard.

Right, Achim asked me a few years ago what we need in the specs to
support ECC.

> Besides, I'm considering adding ECC feature to development branch of
> Gnuk, too.  (I only have NIST curve P-256 computation routines, now.)
> ECDSA is mostly ready.  For ECDH, I'll need to implement AESwrap

That is perfectly okay.  However, ECDH is more complicated because it is
quite OpenPGP specific and most is done in gpg and not in gpg-agent.
Thus I am not sure whether it is a good idea to implement the OpenPGP
ECDH stuff in the card.  It might be better to implement the raw
operations on the card and keep the rest in gpg.  How is ECDH
implemented by other smartcard specs?

What I mean is that, despite being called the OpenPGP card, it is a pretty
generic card spec with only two data objects for OpenPGP meta data
(fingerprint and creation date).

> I'm not sure about user interface, though.  That is, how we should
> show this attribute for output of --card-status of GnuPG.
> Currently for RSA, it's like:
> 	Key attributes ...: 2048R 2048R 2048R
> It will be something like:
> 	Key attributes ...: 256E 256e 256E

That is okay, we don't show the RSA key parameters either.



Thoughts are free.  Exceptions are regulated by a federal law.