ECC and smartcards
Werner Koch
wk at gnupg.org
Tue Oct 1 14:27:00 CEST 2013
On Thu, 26 Sep 2013 07:27, gniibe at fsij.org said:
> Since then, I did some part of ECDSA in GnuPG 2.1.x. I tested it with
> Gnuk development version for authentication.
I have more and more doubts that using ECDSA by default in GnuPG is the
Right Thing. Although I don't think that the NIST curves have been
selected for possible future algorithm break or a chance for broken
implementations, we can't be sure about it and many people will probably
not trust them for non-technical reasons. Thus a released 2.1.0 will
likely use Bernstein et al.'s curves by default.
Given that it is unlikely that we will find an implementation of
Curve25519 in a proprietary smartcard any time soon, I am bit lost on
what do do with ECC and smartcards. Given that Gnuk would actually
benefit from a fast software implementable curve, it might be a good
idea to take the first step and do just that. Ed22519 is now
implemented in Libgcrypt and a next step could be to squeeze it into the
RFC-6637 format (using non-compressed points) and make it the default
ECC signing algorithm.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list