[PATCH gnupg 1/2] sm: Support generation of card-based ECDSA CSR.

NIIBE Yutaka gniibe at fsij.org
Thu Feb 14 01:55:59 CET 2019


Damien Goutte-Gattat wrote:
> * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
> and format resulting S-expression accordingly.
> * sm/misc.c (transform_sigval): Support ECDSA signatures.
> --
> Current GpgSM implementation assumes card-based keys are RSA keys.
> This patch introduces support for ECDSA keys.
> By itself this patch is not sufficient, we also need support
> from libksba.

Comparing agent_pksign_do in gnupg/agent/pksign.c and your
gpgsm_scd_pksign, I think that it's not yet perfect.

(1) There are three cases; RSA, ECDSA, and EdDSA.  It's good that we can
    support all.

(2) The format of signature by card in agent_pksign_do is the one of
    libgcrypt.  In the agent_pksign_do function, for ECDSA, it checks
    the MSB, and put the prefix 0x00 in this case.  It should be same
    for GpgSM.

Well, shall we apply your patch first, and then proceed to more changes
for EdDSA and 0x00-for-MSB?  Or, are you going to submit updated patch?
Whichever is OK.  Let me know.

More information about the Gnupg-devel mailing list