[Gnuk-users] How to test ECC with Gnuk 1.1.4
NIIBE Yutaka
gniibe at fsij.org
Mon Dec 15 06:26:12 UTC 2014
I submitted a patch to GnuPG to enable ECC support of smartcard/token,
and we need to use the patch for ECC.
With Gnuk 1.1.4, I wrote a script and saved into
/var/tmp/enable-ecc-gnuk.py:
=========================
from gnuk_token import get_gnuk_device
g = get_gnuk_device()
g.cmd_select_openpgp()
g.cmd_verify(3,"12345678")
g.cmd_put_data(0,0xc1,"\x13\x2a\x86\x48\xce\x3d\x03\x01\x07")
g.cmd_put_data(0,0xc2,"\x12\x2a\x86\x48\xce\x3d\x03\x01\x07")
g.cmd_put_data(0,0xc3,"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01")
=========================
gnuk_token is the code I have in gnuk/tool. It changes to:
signature key with NIST P-256, decrypt key with NIST P-256,
auth key with Ed25519.
Running this script, fresh Gnuk will become a token with ECC, by
changing its key algorithm attributes.
Newer GnuPG partial support of modifying key algorithm attributes of
card/token, but it's limited to only modifying its key size. I mean,
you can install RSA-4096 key to usual Gnuk 1.1.4. You don't need
another script.
I'm considering to submit change to support full support of modifying
key algorithm attributes (algo + key size). Until it will be merged
into GnuPG, please use this script.
--
More information about the gnuk-users
mailing list