Seeking Assistance with GnuPG for Signing Arbitrary Data Using a Smart Card
yengas07 at gmail.com
Wed Apr 5 22:17:00 CEST 2023
I am using a Yubikey 5C NFC with OpenPGP Version 3.4 Applet and an
`ed25519` curve signing key. I'm attempting to create `EdDSA`
Algorithm JWTs using GnuPG tooling, but I've encountered some
difficulties. I've used `gpg-connect-agent` to interact with my Smart
Card through a low-level API, as shown in the following commands:
    SCD READKEY OPENPGP.1
    SCD SETDATA $MY_ARBITRARY_DATA
    SCD PKSIGN --hash=sha512 OPENPGP.1
I can sign arbitrary data with some limitations, and the successful
output looks like:
I have a few questions about this process:
1. Is it feasible to use `gpg-connect-agent` and the `SCD *`
operations for my goal? Are there any alternative approaches?
2. In the output, are the public key and signature encoded with
S-Expression and MPI? How should I parse this output?
3. I receive an error when trying to `SCD PKSIGN` with data above 64
bytes: "ERR 100663351 Invalid value <SCD>". Is this a tooling
limitation, or is there a way to sign arbitrary data? I can sign
arbitrary data using `COMPUTE DIGITAL SIGNATURE` with direct APDU
communication to the Smart Card.
Thank you for your help!
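
On the parsing question (item 2), an added example that is not part of the original post: it decodes Assuan `D` lines and a canonical S-expression, then turns an Ed25519 point into an RFC 8037 JWK. It assumes the key response is a canonical S-expression whose `q` value carries GnuPG's 0x40 prefix byte; the function names are hypothetical and the sample response is constructed, not real card output.

```python
import base64
import re

def assuan_unescape(data: bytes) -> bytes:
    """Undo the %XX escaping Assuan applies to '%', CR and LF on D lines."""
    return re.sub(rb"%([0-9A-Fa-f]{2})", lambda m: bytes([int(m[1], 16)]), data)

def collect_data(lines) -> bytes:
    """Concatenate the payload of every 'D ' line of one response."""
    return b"".join(assuan_unescape(l[2:]) for l in lines if l.startswith(b"D "))

def parse_csexp(buf: bytes, pos: int = 0):
    """Parse one canonical S-expression -> (value, next_pos); atoms are bytes."""
    if buf[pos:pos + 1] == b"(":
        items, pos = [], pos + 1
        while buf[pos:pos + 1] != b")":
            if pos >= len(buf):
                raise ValueError("unterminated list")
            item, pos = parse_csexp(buf, pos)
            items.append(item)
        return items, pos + 1
    m = re.match(rb"(\d+):", buf[pos:])
    if not m:
        raise ValueError(f"expected length prefix at offset {pos}")
    start, n = pos + m.end(), int(m[1])
    if start + n > len(buf):
        raise ValueError("truncated atom")
    return buf[start:start + n], start + n

def find(sexp, name: bytes):
    """Depth-first search for the list whose first element is `name`, or None."""
    if isinstance(sexp, list):
        if sexp[:1] == [name]:
            return sexp
        for child in sexp:
            if (hit := find(child, name)) is not None:
                return hit

def ed25519_jwk(lines) -> dict:
    """Build an RFC 8037 OKP JWK from the D lines of a key response."""
    q = find(parse_csexp(collect_data(lines))[0], b"q")[1]
    q = q[1:] if len(q) == 33 and q[0] == 0x40 else q  # assumed GnuPG prefix byte
    if len(q) != 32:
        raise ValueError("unexpected Ed25519 point length")
    x = base64.urlsafe_b64encode(q).rstrip(b"=").decode()
    return {"kty": "OKP", "crv": "Ed25519", "x": x}

# Constructed sample (not real card output): key bytes 0..31 include CR and LF,
# so the Assuan escaping path is exercised.
RAW = b"(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@" + bytes(range(32)) + b")))"
SAMPLE = [b"D " + re.sub(rb"[%\r\n]", lambda m: b"%%%02X" % m[0][0], RAW), b"OK"]
```

`ed25519_jwk(SAMPLE)` returns the JWK for the constructed key; the same `collect_data` and `parse_csexp` helpers apply to any other response that arrives as a canonical S-expression.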