Re: OpenPGP smartcard and P-256 in non expert mode
On 8/11/22 15:30, Ingo Klöcker wrote:
> Only experts will be able to make an educated decision between P-256 and P-384. It's good to give "normal" people less choice by default because more choice will just confuse them even more. Even having to choose between Curve25519 and P-384 will be too much already for people who just have been told that they should generate an ECC key.

That makes sense to me. However, why offer curves not supported by the hardware?

Regards,
Sosthène

--
Sosthène Guédon
Intern
Nitrokey GmbH
https://www.nitrokey.com
Email: sosth...@nitrokey.com
Rheinstr. 10 C, 14513 Teltow, Germany
CEO / CEO: Jan Suhr
Register: AG Potsdam, HRB 32882 P
VAT ID / VAT ID: DE300136599
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard and P-256 in non expert mode
> Hi! Please share your GnuPG version and the type of smartcard you are using with us. A 9 year old commit is not very helpful.

I'm using gpg 2.2.36 and an OpenPGP smart card implementation we are currently developing.

You're right, the commit itself isn't very helpful. Here is the code that is relevant in the 2.2 branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=fee752376d28d7c7704336d681da8be92c4f22bc;hb=491645b50ec97db12520483d347291d660db209c#l2393

See the `expert_only` flag set to 1 for P-256. This was introduced in the commit I mentioned.

Regards,
Sosthène
OpenPGP smartcard and P-256 in non expert mode
Hi!

I don't understand why generating a key on a smartcard only offers Curve25519 and P-384 for ECC cryptography unless the --expert flag is used. P-384 is offered even when the hardware key doesn't support it, and other curves which the hardware supports are not offered, which is confusing.

Why is the P-256 curve disabled by default? It seems deliberate in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=402aa0f94854bb00475c934be5ca6043a4632126 but I can't find any documentation on why that choice was made.

Thanks,
Sosthène