OpenPGP card specification enhancement for ECDSA support

Andrey Jivsov openpgp at brainhub.org
Tue Mar 5 06:44:51 CET 2013


Hello NIIBE,

I agree that you would want to support uncompressed ECC key 
representation at least because you never know where a key came from.

Having said this, GnuPG should change the key generation to generate 
"compliant" keys all the time. I do this in my software. There is no 
reason not to do so. This gives an option to use an efficient 
representation down the road, but that's not a requirement. One can 
still encode a compliant key per RFC6637 (uncompressed).

I can volunteer to write a patch for the compliant key generation for 
GnuPG when I find time.

On 03/03/2013 05:19 PM, NIIBE Yutaka wrote:
> Hello Andrey,
>
> On 2013-03-02 at 18:12 +0900, NIIBE Yutaka wrote:
>> On 2013-03-01 at 11:02 -0800, Andrey Jivsov wrote:
>>> Please consider using the compact representation of an ECC point:
>>> http://tools.ietf.org/html/draft-jivsov-ecc-compact with the OpenPGP card.
>>
>> Thank you very much.  I didn't know this document.  All that I had
>> known about compression was x + (1-bit of y).
>
> I considered again.
>
> For new keys, we will be able to take advantage of this compact
> representation.  But, there are already ECDSA keys out there.
>
> I will limit key space for Gnuk for new keys, so that keys generated
> on Gnuk Token can be represented by the compact representation.  But,
> note that most users of Gnuk use writekey command, generating keys on
> host PC.
>
> I think that Gnuk Token should not limit key space for writekey
> command (host PC -> Gnuk Token), but should accept keys of other half
> space for inter-operablity.
>
> Speaking for GnuPG, same argument could be applied.
>
> It is true that there has been no released versions which support
> ECDSA yet.  But, it should handle any keys by any OpenPGP ECC
> implementations.  Besides, GnuPG supports SSH and X.509.  With the
> possibility of 50%, existing keys of ECDSA couldn't be represented by
> the compact representation.  I think that GnuPG should handle both of
> the compact representation and the uncompressed representation.
>





More information about the Gnupg-devel mailing list