OpenPGP Card ECC status?
simon at josefsson.org
Wed Sep 3 23:23:30 CEST 2014
Thanks for the update on the OpenPGP Card spec! That all sounds good.
I'm hoping Werner can comment on what's left to do in GnuPG.
(FWIW, I believe the NEO can support NIST, Brainpool and ANSSI curves --
https://github.com/Yubico/ykneo-curves -- but probably not Curve25519)
Achim Pietig <achim at pietig.com> writes:
> Hi Simon,
> there was a little henn-egg problem with the card specification in the past.
> I published a beta version with ECC (partly) last year, but the
> related standards (ISO 7816-x)
> were not finished. As in the past I plan to be as close as possible to
> international smart card standards
> because all somming products will follow them and there is no chance
> to get proprietary functions/algorithms
> in cards on the market.
> Most important for future cards will be EN 419212 (Application
> Interface for smart cards used as Secure Signature Creation Devices),
> that replaces the discarded EN 14890, that I used in previous versions
> of the OpenPGP card spec. This standard is ready now and I plan
> to finalize the OpenPGP card spec soon. I still need some help from
> Werner for defining the dec-command, because this requires a special
> usage of ECC.
> sign and auth is clear at the moment - all new standards only support
> Brainpool, NIST was stripped of from all papers after the NSA problem
> last year.
> Key import for ECC is also described in new ISO 7816-8 (not ready, but
> stable enough for usage).
> After finishing the spec we can do test implementations and after that
> GnuPG can be finished in that direction.
> Best regards
> Am 02.09.2014 um 09:51 schrieb Simon Josefsson:
>> Hi. What's the status of support for OpenPGP cards with ECC in GnuPG?
>> Is there a recommended GnuPG version to test with? Does on-board key
>> generation work? Key import? We are happy to add support for ECC on
>> the hardware side in the YubiKey NEO applet . I have been under the
>> impression that the GnuPG side of things haven't been ready, but I'm
>> happy if this is no longer the case.
>>  https://github.com/Yubico/ykneo-openpgp
>> Gnupg-devel mailing list
>> Gnupg-devel at gnupg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 472 bytes
Desc: not available
More information about the Gnupg-devel