OpenPGP Card ECC status?

NIIBE Yutaka gniibe at
Tue Sep 9 09:54:56 CEST 2014

On 2014-09-09 at 08:41 +0200, Simon Josefsson wrote:
> So do I..  I'm hoping this won't be too far away, but I think there is
> value in getting experience with the existing ECC standards with GnuPG
> and with smartcards, since that appears to be lower-hanging-fruit.

For smartcard/tokon part, I implemented NIST P256 curve in Gnuk around
February 2013.  IIRC, I submitted an experimental patch for SCDaemon
to support this, around March 2013.  I tested, it worked well for me.

Then, the summer of 2013 came.  No one (I mean, my target customers)
wants to use that, so, I didn't push this further.

Then, one of my customers suggested me to support the curve of
Bitcoin, so that Gnuk can be a private key store for Bitcoin.  I
implemented the curve in February 2014.  I'm not sure if I submitted a
patch to support this ECC thing for SCDaemon, but, I submitted a patch
to support this curve to libgcrypt and GnuPG, and it's included
already.  SKS also supports this now.  I tested, it worked well for
me.  My public key even has subkey for this curve.

Mostly simultaneously, Mt.Gox became so famous in Japan.  It was
unfortunate that "Bitcoin" sounds very bad for general public in
Japan, and... I stop working for that (because of family reasons).

Then, I implemented ed25519 and curve25519 in Gnuk.  Also, I
implemented Montgomery curve routine in libgcrypt, so that we can
support curve25519.  I'm working this now.

For GnuPG support of those ECC features of smartcard/token, all that
we need is some modification of smartcard protocol specification for
them and some glue code of gpg-agent and scdaemon.

More information about the Gnupg-devel mailing list