[Gnuk-users] Ed25519 for signing broken?

[Jonathan Schleifer]

Am 10.02.2015 um 02:30 schrieb NIIBE Yutaka <gniibe at fsij.org>:

> On 02/10/2015 05:09 AM, Jonathan Schleifer wrote:
>> That link talks about deactivating the admin PIN. How would I do
>> that with 1.1.4? I guess this doesn't work anymore since 1.1.4 can't
>> set a PIN without keys?
> 
> It is supported in 1.1.4, too.  I call it "Admin-less mode"
> 
> This is deliberate feature of Gnuk, which is not in the OpenPGPcard
> specification.  (I don't expect this feature will be in the
> specification, because it's against the practice of smartcard
> industry.)
> 
> After importing keys, you will change user PIN only.  Then, it's
> "Admin-less mode", where admin PIN == user PIN.

Uhm, but I already have to enter the admin PIN when I import a key (being 12345678 on a freshly flashed Gnuk). Will importing a key reset the admin PIN afterwards? I noticed that importing a signature key seems resets the PIN to 123456.

> You will be hit by this bug on very specific occasion (of removing
> your key in "Admin-full mode"), and impact is only when flash ROM were
> disclosed.  Please evaluate.

It is still not clear to me how the key is protected in the flash when importing a key resets the PIN to 123456 :/.

> I don't recommend using EdDSA signing yet.  It is OK for OpenSSH,
> provided you don't distribute your public key with EdDSA subkey
> widely.

Actually, I considered this carefully. My idea was to have a 4096 bit RSA Certify key, which everybody should be able to import. The Ed25519 key for signing then only works with GnuPG 2.1, true, but I am mainly using it to sign Git commits and will urge users to upgrade. I also have an RSA 4096 bit RSA key for encryption, so even users with old GnuPG versions can sent me encrypted mail. And then there's an Ed25519 key for SSH ;).

--
Jonathan