[PATCH gnupg 1/2] sm: Support generation of card-based ECDSA CSR.

Damien Goutte-Gattat dgouttegattat at incenp.org
Fri Feb 15 00:19:52 CET 2019


On Thu, Feb 14, 2019 at 09:55:59AM +0900, NIIBE Yutaka wrote:
> (1) There are three cases; RSA, ECDSA, and EdDSA.  It's good that we can
>     support all.

Agreed. I have another patch in the works to add support for EdDSA.

> (2) The format of signature by card in agent_pksign_do is the one of
>     libgcrypt.  In the agent_pksign_do function, for ECDSA, it checks
>     the MSB, and puts the prefix 0x00 in this case.  It should be the
>     same for GpgSM.

I can look into that, but I am not sure I understand everything here.

Looking at the agent_pksign_do function, I can see that this MSB
checking is performed for RSA and ECDSA signatures, but not for EdDSA.

 (1) Is it normal not to do this check for EdDSA?

 (2) Currently gpgsm_scd_pksign does not perform this check for RSA
     (that’s actually why I didn’t think it was needed for ECDSA as
     well, and didn’t implement it in my patch). Again, is that
     normal? Or should we add this check also for RSA?

> Well, shall we apply your patch first, and then proceed to more changes
> for EdDSA

Yes, that was kind of my plan: First add ECDSA support, then build upon
that to add EdDSA support afterward. I will post the patch for EdDSA

> and 0x00-for-MSB?

Likewise, I can submit another patch later for this issue, once I am
sure I know what I am doing and why I am doing it. :)


- Damien
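
The 0x00-for-MSB rule discussed in this thread, as an added example (not code from GnuPG or from the patch). It goes one step beyond the thread by applying the same rule to the DER ECDSA-Sig-Value that a CSR signature carries. It assumes the card returns r || s as two equal-length big-endian halves; the function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Encode one big-endian unsigned value as a DER INTEGER.
   Returns the number of bytes written, or 0 on error. */
static size_t der_uint(const unsigned char *v, size_t n,
                       unsigned char *out, size_t outlen)
{
  size_t pad, len;

  while (n > 1 && v[0] == 0)   /* DER wants the minimal encoding */
    { v++; n--; }
  if (n == 0)
    return 0;
  pad = (v[0] & 0x80) ? 1 : 0; /* MSB set: would be read as negative */
  len = n + pad;
  if (len > 127 || outlen < 2 + len)
    return 0;                  /* short-form lengths only */
  out[0] = 0x02;               /* INTEGER */
  out[1] = (unsigned char)len;
  if (pad)
    out[2] = 0x00;             /* the 0x00 prefix keeps it positive */
  memcpy(out + 2 + pad, v, n);
  return 2 + len;
}

/* raw = r || s, two equal-length halves (assumed card output format).
   Writes SEQUENCE { INTEGER r, INTEGER s }; returns its length or 0. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t rawlen,
                        unsigned char *out, size_t outlen)
{
  unsigned char body[2 * (2 + 127)];
  size_t half = rawlen / 2, a, b;

  if (rawlen == 0 || (rawlen & 1))
    return 0;
  a = der_uint(raw, half, body, sizeof body);
  if (!a)
    return 0;
  b = der_uint(raw + half, half, body + a, sizeof body - a);
  if (!b || a + b > 127 || outlen < 2 + a + b)
    return 0;
  out[0] = 0x30;               /* SEQUENCE */
  out[1] = (unsigned char)(a + b);
  memcpy(out + 2, body, a + b);
  return 2 + a + b;
}
```

Without the prefix, a value whose first byte has the top bit set is parsed as a negative integer, so a verifier would reject the signature for roughly half of all r and s values.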