[Gnuk-users] How to test ECC with Gnuk 1.1.4

NIIBE Yutaka gniibe at fsij.org
Mon Dec 15 06:26:12 UTC 2014


I submitted a patch to GnuPG to enable ECC support of smartcard/token,
and we need to use the patch for ECC.

With Gnuk 1.1.4, I wrote a script and saved into
/var/tmp/enable-ecc-gnuk.py:

=========================
from gnuk_token import get_gnuk_device
g = get_gnuk_device()
g.cmd_select_openpgp()
g.cmd_verify(3,"12345678")
g.cmd_put_data(0,0xc1,"\x13\x2a\x86\x48\xce\x3d\x03\x01\x07")
g.cmd_put_data(0,0xc2,"\x12\x2a\x86\x48\xce\x3d\x03\x01\x07")
g.cmd_put_data(0,0xc3,"\x16\x2b\x06\x01\x04\x01\xda\x47\x0f\x01")
=========================

gnuk_token is the code I have in gnuk/tool.  It changes to:
signature key with NIST P-256, decrypt key with NIST P-256,
auth key with Ed25519.

Running this script, fresh Gnuk will become a token with ECC, by
changing its key algorithm attributes.

Newer GnuPG partial support of modifying key algorithm attributes of
card/token, but it's limited to only modifying its key size.  I mean,
you can install RSA-4096 key to usual Gnuk 1.1.4.  You don't need
another script.

I'm considering to submit change to support full support of modifying
key algorithm attributes (algo + key size).  Until it will be merged
into GnuPG, please use this script.
-- 



More information about the gnuk-users mailing list