scd: ECDH Support
gniibe at fsij.org
Wed Dec 17 03:39:39 CET 2014
On 12/09/2014 04:27 PM, NIIBE Yutaka wrote:
> Here are changes to support ECDH by scdaemon.
> I tested this code with experimental version of Gnuk. It takes about
> 0.6 second to decrypt for NIST P-256 (measured on host PC by gpg
And it works with Gnuk 1.1.4.
> I don't know if this protocol is good (or compatible) with existing
> smartcard/token/hsm. In this implementation, scdaemon only computes
> [d]P (d: private key, P: point) to get shared point and does not
> compute AESWrap, following the protocol of gpg-agent.
It was around March 2013, when I wrote some code for scdaemon's
partial support of ECDH. At that time, I thought it was the card/token
which also computes AESWrap. In the current implementation of GnuPG,
it's not even gpg-agent, but the gpg frontend itself which does AESWrap.
So, the changes in the patch make sense.
Since March 2013, I haven't got any information about any existing
card/HSM which supports C(1, 1, ECC CDH). (While I know those which
support ECDSA.) Speaking about the situation in Japan, "Specifications of
ciphers in the e-Government Recommended Ciphers List" was published
(after I wrote code in 2013):
It only addresses C(2, 0, ECC CDH) (as did the former version of 2003).
Given this situation, I think that this patch is relevant and it can
be a reference for those who want to implement ECC on their