Re: New GPLv3 OpenPGP card implementation (on a java card).
On Wed, Oct 16, 2013 at 11:40 AM, Werner Koch wrote:
> On Tue, 15 Oct 2013 11:41, p...@heypete.com said:
>
>> Also, are there any smartcards out there that would support DSA/ELG
>> keys? All the cards I've seen and used support RSA only.
>
> You don't want DSA on smartcards - at least not until they are able to
> do deterministic DSA (rfc-6979).

I knew that DSA fails catastrophically with low entropy (where "catastrophically" = "leaking the private key"), but I would hope that any DSA-capable smartcard would have a decent hardware RNG built in.

I'm not familiar with RFC 6979. Thanks for the link. It's good to see people taking that issue into account.

Cheers!
-Pete

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: New GPLv3 OpenPGP card implementation (on a java card).
On Tue, 15 Oct 2013 11:41, p...@heypete.com said:

> Also, are there any smartcards out there that would support DSA/ELG
> keys? All the cards I've seen and used support RSA only.

You don't want DSA on smartcards - at least not until they are able to do deterministic DSA (rfc-6979).

ECC on smartcards has been available for a very long time because that used to be the only method to do pubkey crypto with reasonable performance on cards without a hardware exponentiation circuit. The ZeitControl cards have support for some NIST curves but it is not yet supported by the OpenPGP card application. I am not sure whether it is a good idea to go with the NIST curves because ECDSA suffers from the same problem as DSA.

What about trying to implement Ed25519 on a Java card?

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

Re: New GPLv3 OpenPGP card implementation (on a java card).
On 15/10/2013 11:41, Pete Stephenson wrote:
> On Tue, Oct 15, 2013 at 7:42 AM, Ann O'nymous wrote:
>> If anyone is interested I wrote a java card implementation of the OpenPGP
>> card and released it under the GPLv3

I'm 'more or less' (no time ATM :( ) working on extending standard GPG card protocol to support user-controlled export of keys and ability to keep 'n' old enc keys on the same card.

> Is this a hardware limitation, or could it be increased in the future?

Try to find a Java card that supports longer keys...

> Also, are there any smartcards out there that would support DSA/ELG
> keys? All the cards I've seen and used support RSA only.

I've only seen RSA (up to 2048bit) and ECC (some "small" fields only) support in Java cards. Some BasicCards should support up to 4096bit (and they're the ones used by official GPG card, IIUC).

BYtE,
 Diego.

Re: New GPLv3 OpenPGP card implementation (on a java card).
On Tue, Oct 15, 2013 at 7:42 AM, Ann O'nymous wrote:
> If anyone is interested I wrote a java card implementation of the OpenPGP
> card and released it under the GPLv3

Excellent!

> Features and limitations:
> - 2048 bit RSA keys only

Is this a hardware limitation, or could it be increased in the future?

Also, are there any smartcards out there that would support DSA/ELG keys? All the cards I've seen and used support RSA only.

Cheers!
-Pete

New GPLv3 OpenPGP card implementation (on a java card).
If anyone is interested I wrote a java card implementation of the OpenPGP card and released it under the GPLv3

Features and limitations:
- 2048 bit RSA keys only
- On card key generation
- RSA keys can be imported onto the card (if using GnuPG v2.0.22 or above, previous versions did not support writing RSA private keys in the CRT format to the card).
- On card random number generation
- No secure messaging or card clean-up yet.
- Tested with gpg2, OpenSC will need a few patches to select the applet by AID.

Link to the code: https://github.com/FluffyKaon/OpenPGP-Card

There will be a test suite to go with it once I clean the code a bit.