[PATCH] scd: support any curves defined by libgcrypt.

Bertrand Jacquin bertrand at jacquin.bzh
Wed Aug 19 00:15:45 CEST 2015


On 17/08/2015 05:47, NIIBE Yutaka wrote:
> Hello,
> Thank you for the detailed report.
> On 08/17/2015 09:10 AM, Bertrand Jacquin wrote:
>> This patch introduce as issue with OpenGPG Card FTS-01. I've run a
>> git bisect to be able to point that particular commit.
>> I have a FTS-01 OpenGPG card with a EdDSA sign key and a EdDSA auth
>> key and using gpg-agent as a ssh agent. Since that particular
>> commit, info given by gpg-agent to ssh-add are not conform for ssh:
>> Is there a need to use a particular libgcrypt version ?
> No, it's not required for EdDSA.  If you use encryption (ECDH with
> Curve25519), you need to use the development version of libgcrypt,
> though.
> I also noticed the failure on my side, and I posted:
>     SSH with ed25519:
> https://lists.gnupg.org/pipermail/gnupg-devel/2015-August/030224.html

Thanks for having taking care of this. I can easily wait for that to be 
properly fixed. Thanks !

> If I understand correctly, the problem is in the code of general EdDSA
> with SSH (I mean, including the private key in a host, as well as the
> one in smartcard).  My change for scdaemon unveiled this issue.
> EdDSA with FST-01 just worked before, because of the public key
> representation from scdaemon didn't include the prefix of 0x40.
> My change of scdaemon for the support of more curves "fix"-ed to be
> proper representation between scdaemon<->gpg-agent and it now include
> the prefix of 0x40.
> I think that correct fix should be to the code in general EdDSA with
> SSH (not reverting a part of my change of scdaemon).
> The change in the post of mine works, but it's not good fix.  This is
> basically to point out the issue.  We need to confirm that gpg-agent
> handles EdDSA key with the representation of the prefix 0x40, and
> it is correct for its SSH handling to remove the prefix.
> Sorry, for your inconvenience.


More information about the Gnupg-devel mailing list