[Gnuk-users] Ed25519 for signing broken?

Jonathan Schleifer js-gnuk-users at webkeks.org
Sat Feb 7 20:44:00 UTC 2015


Hi!

I'm trying to use the following setup with my Gnuk @ 1.1.4:

* 4096 bit RSA certification key (so everyone can at least import and sign my key)
* 255 bit Ed25519 signing key (so I can create small signatures ;))
* 4096 bit RSA encryption key
* 255 bit Ed25519 authentication key (for SSH)

I use GnuPG 2.1.1 with 2 patches:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=bdc8efbdd124d836c36cf482216e375421f72891;hp=76140141699b545f7a988bf5fc101063917e8ce3
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=9453d645d4a489f038829c80343c124fff62d635;hp=6c87d1ce66d8e93e6c0f16c06116e9179f6158ba

I store the signing key, encryption key and authentication key on the Gnuk and the certification key on some offline media.

So much about my setup. Now my problem: I tried to set a PIN when there was no key on the Gnuk, but that did not seem to work. As soon as there was a key on the Gnuk, I could set a PIN. However, once I uploaded the signing key, the PIN is not accepted anymore. If I then change the PIN using the admin PIN, I can access the key - but the Gnuk generates invalid signatures.

So, why can't I set a PIN before I upload a key? Isn't that pretty pointless as the key is encrypted using the PIN? That means I'm basically forced to encrypt it with 123456, change my PIN and then transfer it to the Gnuk again? And what am I doing wrong that my PIN doesn't work anymore as soon as I upload the Ed25519 signing key?

--
Jonathan



