scd: change_keyattr_from_string for ECC.

NIIBE Yutaka gniibe at fsij.org
Tue Jul 21 01:23:07 CEST 2015


On 07/20/2015 11:25 PM, Werner Koch wrote:
> Why not use
> 
>   SCD SETATTR KEY-ATTR --force 3 1 rsa2048
> 
> and handle card specific details in app-openpgp.c ?

Yes, I'd like to support that.  And, I'm wondering HOW we can
implement that.

When SCDaemon composes the data to be sent, it's like:

    01 08 00 00 20 00

    where

    01: RSA
    08 00: 2048-bit modulus size (of n)
    00 20: 32-bit exponent size  (of e)
    00: private key format from host to card is (e, p, q)

OpenPGPcard allows four formats for an RSA key (to be stored into the
card):

    00: e, p, q
    01: e, p, q, n
    02: e, p, q, dp, dq
    03: e, p, q, dp, dq, n

When the key attribute is for RSA, and SCDaemon is asked (by a user) to
change the size of the RSA key, SCDaemon only changes the size of the public
key in the key attribute data object (by reading out the data object,
then writing the changed value).  That is, SCDaemon does not change
the format specifier of the key attribute.

When the key attribute is for ECC, and SCDaemon is asked to change it back
to RSA, SCDaemon doesn't have any idea what format the card supports.

So, I wonder whether SCDaemon should:

    (1) try all those four possibilities
    (2) have card specific information on which card/version supports what
    (3) assume that (in future) the card has a flag to specify which format
    (4) assume that
          the card ignores the format specifier given by SCDaemon
    (5) not specify the format specifier and let the card decide it
          but... is sending only 5 bytes (01 08 00 00 20) for PUT DATA OK?

If (5) doesn't violate ISO 7816, this sounds good.
-- 
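
The byte layout and the read-modify-write behaviour described in the message, as an added example that is not part of the original post and is not GnuPG code. All names are hypothetical; a 5-byte input models option (5) as "format byte absent" and makes no claim that a card accepts it.

```c
/* Added example: RSA key attribute bytes as laid out in the message above.
   Not GnuPG code; every name here is hypothetical. */
#include <stddef.h>

struct rsa_keyattr {
  unsigned int n_bits;  /* modulus size in bits */
  unsigned int e_bits;  /* exponent size in bits */
  int format;           /* 0..3 as listed above; -1 = format byte absent */
};

/* Parse 5 or 6 bytes; 0 on success, -1 if not a well-formed RSA attribute. */
int rsa_keyattr_parse(const unsigned char *b, size_t len, struct rsa_keyattr *ka)
{
  if (!b || !ka || (len != 5 && len != 6) || b[0] != 0x01)
    return -1;                       /* wrong length or not algorithm 01 (RSA) */
  if (len == 6 && b[5] > 3)
    return -1;                       /* only formats 00..03 are defined */
  ka->n_bits = ((unsigned int)b[1] << 8) | b[2];
  ka->e_bits = ((unsigned int)b[3] << 8) | b[4];
  ka->format = (len == 6) ? b[5] : -1;
  return 0;
}

/* Serialize; returns bytes written (5 or 6), or 0 on error. */
size_t rsa_keyattr_build(const struct rsa_keyattr *ka, unsigned char *b, size_t cap)
{
  size_t n = (ka->format < 0) ? 5 : 6;
  if (ka->n_bits > 0xffff || ka->e_bits > 0xffff || ka->format > 3 || cap < n)
    return 0;
  b[0] = 0x01;
  b[1] = (unsigned char)(ka->n_bits >> 8);
  b[2] = (unsigned char)(ka->n_bits & 0xff);
  b[3] = (unsigned char)(ka->e_bits >> 8);
  b[4] = (unsigned char)(ka->e_bits & 0xff);
  if (n == 6)
    b[5] = (unsigned char)ka->format;
  return n;
}

/* Read-modify-write: change only the modulus size, keep the card's format. */
size_t rsa_keyattr_resize(const unsigned char *cur, size_t curlen,
                          unsigned int n_bits, unsigned char *out, size_t cap)
{
  struct rsa_keyattr ka;
  if (rsa_keyattr_parse(cur, curlen, &ka))
    return 0;                        /* e.g. current attribute is not RSA */
  ka.n_bits = n_bits;
  return rsa_keyattr_build(&ka, out, cap);
}
```

When the current attribute is not RSA, `rsa_keyattr_resize` returns 0 because there is no format byte to carry over, which is the situation the message asks about.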