Implement ECDSA keys

[klali]

Make it possible to use ECDSA keys. There's no spec yet but some support in gnupg and gnuk.

[dschuermann]

Spec is here: http://tools.ietf.org/html/rfc6637

[jas4711]

What is needed is the OpenPGP card specification with ECC support -- but we have a draft version of it. The problem now is how to add the functionality, and whether it can be done using standard javacard Java APIs or if extended (chip-specific) APIs are required.

[jas4711]

We are waiting for GnuPG support before we can do anything more here.

[rvs]

Hi! It seems that ECDSA is actually supported, its ECDH which is not fully implemented yet. At least according to this thread: http://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028738.html

Any chance you guys can look at it and determine whether current Yubikey hardware implementation would be able to handle the spec?

[klali]

I've just pushed a branch (devel/ecc_keys) that contains some support for ECDSA/ECDH keys on the Neo.

One problem with this branch is that it doesn't depend on pure javacard like the RSA keys do, but to build it you must have access to the JCOP tools from NXP. This is needed because the javacard 3.0.1 spec only defines ECDSA signing with hashing taking place on chip, whereas everything using ECDSA hashes outside the chip.

[rvs]

This is awesome! Really looking forward to checking this out over the weekend!

[jas4711]

To summarize, my understanding is that the "ecc_keys" branch supports ECC key import, ECDSA key signing and ECDH decrypt. I believe Klas were able to actually do ECC key import and ECDSA sign using GnuPG 2.1 but the ECDH part did not work -- talking to Achim this is not yet specified in the OpenPGP card specs, so I'm not surprised by that.

[wkennington]

Eagerly awaiting this, any idea what the timeline on upstream openpgp is for getting their specs out?

[jas4711]

See this thread on gnupg-devel: http://thread.gmane.org/gmane.comp.encryption.gpg.devel/18922

So still waiting for ECDH support, as far as I understand.

[wkennington]

Looks like this might be implemented now? http://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029183.html On the gnuk site it seems to imply this patch was accepted into master but I haven't verified the changes.

[englishm]

What do I need to try this out? I have GnuPG 2.1 already.

[mkroman]

% gpg --version
gpg (GnuPG) 2.1.2
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Is there any progress on ECDSA key support for the YubiKey Neo?

[rvs]

I'd be more than happy to help testing any alpha builds, etc. Very much looking forward to this happening as soon as possible especially now that the official version of GPG is out supporting those schemes.

[nerdy-sam]

+100

[dodtsair]

Will it be possible to update old hardware with the new standard?

[dschuermann]

Just for reference, the new spec is here: http://g10code.com/docs/openpgp-card-3.0.pdf

[Exordian]

+1 ECDSA would provide a significant speedup (on all operations) compared to RSA, especially on smartcards

[erasmuswill]

any news?

[jonathancross]

Poked around a bit, but didn't find much... Yubico product page indicates that the NEO supports ECC p256, but no more info. The ecc_keys branch was not worked on since 2014 and was not merged in.

[mouse07410]

I suspect that Yubico product page refers to the PIV applet (where ECC keys work - I've been using them for more than half a year now), and not to the OpenPGP applet.