Hi,

I think it becomes clear for me (see below). Thanks.

---------------------------------------------------------------

I understand that with Gnuk 2.2:

-- $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye tells me all the algorithms available on the Gnuk card (see below with my Blue Pill Plus board)

--------

gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK

--------

-- gpg --expert --card-edit shows me all the algorithms available with GnuPG, even algorithms not available on the Gnuk card, such as RSA and ECC choices number 3, 4, 5, 6, 7 and 8 in the example (see below with my Blue Pill Plus board)

--------

$ gpg --expert --card-edit

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: secp256k1 secp256k1 secp256k1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ?

--------

---------------------------------------------------------------

I tried to configure the board first with secp256k1, then with Curve 448, and:

- I can select both algorithms, and the result with the list command is OK

- but I can't generate keys with secp256k1, I get "Échec de génération de la clef : Conditions d'utilisation non satisfaites" (key generation failed: conditions of use not satisfied)

- but I can't generate keys with Curve 448, I get "Échec de génération de la clef : Erreur de carte" (key generation failed: board error)

Curve 25519 key generation works fine.

With GnuPG 2.4.4 on Linux Mint 21.3

Best regards

On 18/02/2025 at 02:10, NIIBE Yutaka wrote:
Hello,

Frédéric SUEL<[email protected]> wrote:
Yes, I made the test twice (compiling and executing).
Thank you for your confirmation.

I think that I misunderstood your questions.

In the previous mail of yours, you wrote:
1) RSA support with key-attr is always available but doesn't work
2) I can't find with key-attr X448 or Ed448 support
And then, I asked:
Are you sure if it's Gnuk 2.2?  As the CLI interaction example above
shows, it works for me (no RSA, has X448 and Ed448 support).
With Gnuk 2.2, you can confirm that there is no RSA support
but X448 and Ed448 support by executing the following command:

   $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye


Here is my revised answer.

* UI of GnuPG always asks users blindly for RSA option, even if the
   card/token doesn't have RSA support.  I agree that it's good to be
   improved.

* You need --expert option with "gpg --card-edit" to enable other ECC
   support like X448 and Ed448.
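
Added example (not part of the original messages, and not code from Gnuk or GnuPG): a small Python parser for the KEY-ATTR-INFO status lines quoted above, which lists the entries of the gpg --expert curve menu that the card does not advertise for a given key slot. The menu-to-curve-name mapping and the "rsa" prefix check are assumptions based on GnuPG's usual algorithm names.

```python
import re

# Status lines copied from the gpg-connect-agent session quoted in this thread.
SAMPLE = """\
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK
"""

# Assumed mapping: "gpg --expert --card-edit" ECC menu entry -> curve names
# that would satisfy it (signing/auth name and encryption name where they differ).
MENU = {
    "Curve 25519": {"ed25519", "cv25519"},
    "Curve 448": {"ed448", "cv448"},
    "NIST P-256": {"nistp256"},
    "NIST P-384": {"nistp384"},
    "NIST P-521": {"nistp521"},
    "Brainpool P-256": {"brainpoolP256r1"},
    "Brainpool P-384": {"brainpoolP384r1"},
    "Brainpool P-512": {"brainpoolP512r1"},
    "secp256k1": {"secp256k1"},
}

LINE = re.compile(r"^S KEY-ATTR-INFO (OPENPGP\.[123]) (\S+)")

def parse_key_attr_info(text):
    """Return {slot: set of algorithm names} from the status lines."""
    slots = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            slots.setdefault(m.group(1), set()).add(m.group(2))
    return slots

def unsupported_menu_entries(slots, slot):
    """Menu entries GnuPG offers that the card does not advertise for this slot."""
    have = slots.get(slot, set())
    return [name for name, curves in MENU.items() if not curves & have]

def card_has_rsa(slots):
    # Assumption: RSA entries, when present, are named like "rsa2048".
    return any(a.startswith("rsa") for algos in slots.values() for a in algos)
```

To check a live token, pass the captured output of gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye to parse_key_attr_info instead of SAMPLE.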