OpenPGP Card ECC status?

Simon Josefsson simon at josefsson.org
Wed Sep 3 23:23:30 CEST 2014


Hi Achim,

Thanks for the update on the OpenPGP Card spec!  That all sounds good.
I'm hoping Werner can comment on what's left to do in GnuPG.

(FWIW, I believe the NEO can support NIST, Brainpool and ANSSI curves --
https://github.com/Yubico/ykneo-curves -- but probably not Curve25519)

/Simon

Achim Pietig <achim at pietig.com> writes:

> Hi Simon,
>
> there was a little hen-egg problem with the card specification in the past.
> I published a beta version with ECC (partly) last year, but the
> related standards (ISO 7816-x)
> were not finished. As in the past I plan to be as close as possible to
> international smart card standards
> because all coming products will follow them and there is no chance
> to get proprietary functions/algorithms
> in cards on the market.
> Most important for future cards will be EN 419212 (Application
> Interface for smart cards used as Secure Signature Creation Devices),
> that replaces the discarded EN 14890, that I used in previous versions
> of the OpenPGP card spec. This standard is ready now and I plan
> to finalize the OpenPGP card spec soon. I still need some help from
> Werner for defining the dec-command, because this requires a special
> usage of ECC.
> sign and auth is clear at the moment - all new standards only support
> Brainpool, NIST was stripped from all papers after the NSA problem
> last year.
> Key import for ECC is also described in new ISO 7816-8 (not ready, but
> stable enough for usage).
> After finishing the spec we can do test implementations and after that
> GnuPG can be finished in that direction.
>
> Best regards
> Achim
>
>
> On 02.09.2014 at 09:51, Simon Josefsson wrote:
>> Hi.  What's the status of support for OpenPGP cards with ECC in GnuPG?
>> Is there a recommended GnuPG version to test with?  Does on-board key
>> generation work?  Key import?  We are happy to add support for ECC on
>> the hardware side in the YubiKey NEO applet [1].  I have been under the
>> impression that the GnuPG side of things hasn't been ready, but I'm
>> happy if this is no longer the case.
>> 
>> /Simon
>> 
>> [1] https://github.com/Yubico/ykneo-openpgp