ECC and smartcards

Werner Koch wk at
Tue Oct 1 14:27:00 CEST 2013

On Thu, 26 Sep 2013 07:27, gniibe at said:

> Since then, I did some part of ECDSA in GnuPG 2.1.x.  I tested it with
> Gnuk development version for authentication.

I have more and more doubts that using ECDSA by default in GnuPG is the
Right Thing.  Although I don't think that the NIST curves have been
selected for possible future algorithm break or a chance for broken
implementations, we can't be sure about it and many people will probably
not trust them for non-technical reasons.  Thus a released 2.1.0 will
likely use Bernstein et al.'s curves by default.

Given that it is unlikely that we will find an implementation of
Curve25519 in a proprietary smartcard any time soon, I am bit lost on
what do do with ECC and smartcards.  Given that Gnuk would actually
benefit from a fast software implementable curve, it might be a good
idea to take the first step and do just that.  Ed22519 is now
implemented in Libgcrypt and a next step could be to squeeze it into the
RFC-6637 format (using non-compressed points) and make it the default
ECC signing algorithm.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list