OpenPGP Card ECC status?
Achim Pietig
achim at pietig.com
Tue Sep 2 11:49:38 CEST 2014
Hi Simon,
there was a little henn-egg problem with the card specification in the past.
I published a beta version with ECC (partly) last year, but the related standards (ISO 7816-x)
were not finished. As in the past I plan to be as close as possible to international smart card standards
because all somming products will follow them and there is no chance to get proprietary functions/algorithms
in cards on the market.
Most important for future cards will be EN 419212 (Application Interface for smart cards used as Secure Signature Creation Devices),
that replaces the discarded EN 14890, that I used in previous versions of the OpenPGP card spec. This standard is ready now and I plan
to finalize the OpenPGP card spec soon. I still need some help from Werner for defining the dec-command, because this requires a special usage of ECC.
sign and auth is clear at the moment - all new standards only support Brainpool, NIST was stripped of from all papers after the NSA problem last year.
Key import for ECC is also described in new ISO 7816-8 (not ready, but stable enough for usage).
After finishing the spec we can do test implementations and after that GnuPG can be finished in that direction.
Best regards
Achim
Am 02.09.2014 um 09:51 schrieb Simon Josefsson:
> Hi. What's the status of support for OpenPGP cards with ECC in GnuPG?
> Is there a recommended GnuPG version to test with? Does on-board key
> generation work? Key import? We are happy to add support for ECC on
> the hardware side in the YubiKey NEO applet [1]. I have been under the
> impression that the GnuPG side of things haven't been ready, but I'm
> happy if this is no longer the case.
>
> /Simon
>
> [1] https://github.com/Yubico/ykneo-openpgp
>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
More information about the Gnupg-devel
mailing list