[PATCH gnupg+libksba 0/2] Fix CSR generation from card-based ECDSA keys.
dgouttegattat at incenp.org
Fri Nov 16 02:27:36 CET 2018
Hi GnuPG folks,
The following patchset intends to fix the generation of CSR from a
card-based ECDSA key (e.g., a key stored on a Gnuk token, or any
other device compliant with version 3+ of the OpenPGP Card
Currently, when generating a CSR GpgSM assumes a card-based key
can only be a RSA key, and the resulting CSR therefore has an
improper signature value .
The first patch (against gnupg) makes GpgSM build a 'sig-val'
S-expression corresponding to the actual type of the signature.
The second patch (against libksba) ensures that libksba can
generate a CSR whose signature comprises several values (as is the
case for ECDSA signatures).
(Ultimately the goal would be to make Scute support EdDSA certificates
for client authentication; this is currently not possible  but
supporting ECDSA in GpgSM is a first step.)
More information about the Gnupg-devel