[Gnuk-users] State of EdDSA in Gnuk / GnuPG
NIIBE Yutaka
gniibe at fsij.org
Mon Jan 19 05:41:44 UTC 2015
On 01/18/2015 09:24 AM, Bertrand Jacquin wrote:
> I'm playing with GnuPG 2.1 and Gnuk in the idea to use EdDSA keys,
> but it seems that some patches are needed around libgcrypt, gnupg to
> fully to able to do this and to currently have limitation.
For EdDSA to use with GnuPG and Gnuk, only a single patch is needed:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029283.html
I assume you will get source code from master branch of git.gnupg.org.
If you want to apply changes to GnuPG 2.1.1, you also need:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029183.html
I think that you need libgcrypt 1.6.2 (at least).
Gnuk 1.1.4 has EdDSA support already. But you need to enable it
manually, as GnuPG doesn't has support of changing corresponding
attributes yet.
In the following script I use gnuk_token.py under gnuk/tool/. It will
overwrite the attribute of OpenPGP.3 (auth) key, provided the Auth
passphrase is factory setting.
================================ enable-ed25519-gnuk-auth.py
from gnuk_token import get_gnuk_device
g = get_gnuk_device()
g.cmd_select_openpgp()
g.cmd_verify(3,"12345678")
g.cmd_put_data(0,0xc3,"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01")
================================
For Curve25519 (encryption/decryption), Gnuk only has lower-level
routine and upper-layer is comming soon, together with changes needed
to GnuPG.
--
More information about the gnuk-users
mailing list