
OpenPGP smartcard and supported curves
Hi all,

I have version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
working. I have tried generating a signing key on-card and also
importing via the keytocard command of --card-edit with both methods
returning an 'Invalid value' error. The NIST keys work fine. Is this a
limitation of the card?

Thanks,

--
Ben Kibbey
Re: OpenPGP smartcard and supported curves
Hi Ben,

On 09.02.2021 06:37, Ben Kibbey wrote:
> I have version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
> working. I have tried generating a signing key on-card and also
> importing via the keytocard command of --card-edit with both methods
> returning an 'Invalid value' error. The NIST keys work fine. Is this a
> limitation of the card?

I haven't seen this error personally, but just for completeness' sake you
may change the key card attribute if you didn't try that:

$ gpg --edit-card
gpg/card> admin
gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
(1) RSA
(2) ECC
Your selection? 2
Please select which elliptic curve you want:
(1) Curve 25519
(4) NIST P-384
Your selection? 1
gpg/card> generate

(adapted from
https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements_to_OpenPGP_3.4.html
).

Kind regards,
Wiktor

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: OpenPGP smartcard and supported curves
Hi,

I think the gnupg-users mailing list would have been the more appropriate
mailing list for your message.

On Tuesday, 9 February 2021 06:37:02 CET Ben Kibbey wrote:
> Hi all,
>
> I have version 3.4 OpenPGP smartcard and am trying to get ed25519 keys
> working. I have tried generating a signing key on-card and also
> importing via the keytocard command of --card-edit with both methods
> returning an 'Invalid value' error. The NIST keys work fine. Is this a
> limitation of the card?

Which version of gpg (gpg --version) are you using? Which commands did you
use? What was the exact output? Did you try to track down the problem by
enabling more verbose/debug output?

The current development version which is going to become gpg 2.3 has seen a
lot of improvements for smartcards. Since you are writing to the development
mailing list, I suggest that you give gpg 2.3 a try (after compiling it
yourself).

I think "Invalid value" points more to a limitation of gpg (probably scdaemon)
than a limitation of the card.

Regards,
Ingo
Re: OpenPGP smartcard and supported curves
On Tue, 9 Feb 2021 08:33, Wiktor Kwapisiewicz said:

> Please select which elliptic curve you want:
> (1) Curve 25519

Note that this is for a YubiKey and not for a Zeitcontrol card. The
OpenPGP spec allows for Curve25519 but not all implementations support
it.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.