[Gnuk-users] generating ECC keys on the device
NIIBE Yutaka
gniibe at fsij.org
Fri Dec 16 06:53:06 UTC 2016
Jan Suhr | Nitrokey <jan at nitrokey.com> writes:
> When executing gpg --card-edit -> admin > generate I'm able to specify
> the RSA key length and generate those keys on the device. But it's
> limited to RSA only. Is it possible to generate ECC keys similarly?
>
> I use GnuPG 2.1.15.

IIRC, ECC key generation was added in GnuPG 2.1.16.  And Gnuk 1.2.2 has
a bug for ECC key generation (which was fixed in the repo).

I think that the gpg frontend is not yet complete for card operations.  A key
attribute change is done automatically by the "keytocard" command, but
currently there is no way to specify which type of key a user wants to
generate.  The "generate" subcommand generates a key of the current key attribute.

You can change a key attribute by manually sending a command to gpg-agent (to
ask it to send the command to scdaemon).

Here are examples:

$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 1 19 nistp256" /bye
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 2 18 nistp256" /bye
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 1 22 ed25519" /bye
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 2 18 cv25519" /bye
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 3 22 ed25519" /bye
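
As an added example (not part of the original post, and not GnuPG or Gnuk code), this shell helper pairs each card key slot with the algorithm ID that fits the chosen curve, following the commands in the post, and rejects a mismatch before anything is sent to scdaemon. The function names, the DRY_RUN variable and the slot 3 nistp256 combination are assumptions of this example.

```shell
# Added example. Slots follow the OpenPGP card order
# (1 = signature, 2 = decryption, 3 = authentication); algorithm IDs
# are the ones used in the post (18 = ECDH, 19 = ECDSA, 22 = EdDSA).

# key_attr_cmd SLOT CURVE -> prints the scdaemon command, returns 1 on bad input
key_attr_cmd() {
    slot=$1 curve=$2
    case "$slot" in
        1|3) usage=sign ;;
        2)   usage=ecdh ;;
        *)   echo "unknown key slot: $slot" >&2; return 1 ;;
    esac
    case "$usage:$curve" in
        sign:nistp256) algo=19 ;;
        sign:ed25519)  algo=22 ;;
        ecdh:nistp256) algo=18 ;;
        ecdh:cv25519)  algo=18 ;;
        *) echo "curve $curve does not fit key slot $slot" >&2; return 1 ;;
    esac
    printf 'SCD SETATTR KEY-ATTR --force %s %s %s\n' "$slot" "$algo" "$curve"
}

# set_card_curves SIG_CURVE DEC_CURVE AUT_CURVE
# Validates all three slots before touching the card, so a typo cannot
# leave it half-configured. DRY_RUN=1 (the default) only prints the commands.
set_card_curves() {
    cmds=
    n=0
    for curve in "$@"; do
        n=$((n + 1))
        line=$(key_attr_cmd "$n" "$curve") || return 1
        cmds="$cmds$line
"
    done
    [ "$n" -eq 3 ] || { echo "need exactly three curves" >&2; return 1; }
    printf '%s' "$cmds" | while IFS= read -r c; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'gpg-connect-agent "%s" /bye\n' "$c"
        else
            gpg-connect-agent "$c" /bye || exit 1
        fi
    done
}

# Dry run: show the commands for an Ed25519/Curve25519 card layout.
set_card_curves ed25519 cv25519 ed25519
```

Set DRY_RUN=0 to send the commands to a connected card; the "generate" subcommand then uses the attributes that were set.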