[Gnuk-users] State of EdDSA in Gnuk / GnuPG

Bertrand Jacquin bertrand at jacquin.bzh
Sat Jan 31 15:29:39 UTC 2015

On 26/01/2015 00:40, NIIBE Yutaka wrote:
> On 19/01/2015 05:41, NIIBE Yutaka wrote:
>> In the following script I use gnuk_token.py under gnuk/tool/.  It will
>> overwrite the attribute of OpenPGP.3 (auth) key, provided the Auth
>> passphrase is factory setting.
>> ================================ enable-ed25519-gnuk-auth.py
>> from gnuk_token import get_gnuk_device
>> g = get_gnuk_device()
>> g.cmd_select_openpgp()
>> g.cmd_verify(3,"12345678")
>> g.cmd_put_data(0,0xc3,"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01")
>> ================================
> 0xc3 refers the data object for algorithm attribute of authentication
> key.  \x16 is the (proposed) algorithm number for EdDSA.
> \x2b\x06\x01\x04\x01\xda\x47\x0f\x01 is the OID of the curve Ed25519.
> On 01/24/2015 11:32 PM, Bertrand Jacquin wrote:
>> What can I use to enable EdDSA for signing key as well ?
> Please use 0xc1 which refers the data object for algorithm attribute
> of signature key.

That works like a charm, thank you very much

> Please note that OpenPGP EdDSA key is experimental and the format is
> not stable (And there is no support for encryption with corresponding
> algorithm).  I don't know about keyserver implementation(s), but it
> may not yet handle unofficial format of EdDSA key.

I understand your meaning. Once IETF would have validate the EdDSA key 
format in this form or with another will it be possible to migrate to 
one format to another in the case I have the key in a armor form 
somewhere ?



More information about the gnuk-users mailing list