Any plans to support EC secp256k1 parameters

[dragom]

Looking that pgp applet already have this support, wondering if there is any plan to support this also in PIV? https://docs.yubico.com/hardware/yubikey/yk-5/tech-manual/yk5-apps.html#elliptic-curve-cryptographic-ecc-algorithms https://bitcoindev.network/using-gpg-as-a-bitcoin-address/

[qpernil]

No current plan as that curve is not supported by the PIV spec, so it would be a proprietary extension. As you noted the algorithm is supported by the firmware so it would be very possible if the spec is updated.

[dragom]

Looked at PIV specs and yes, there is no curve yet. But this could take some time before it is. Maybe new applet for cypto will be better way to go. Thank you.

[qpernil]

Well, you can use the pgp applet for the time being. Or YubiHSM2.

[dragom]

There is some problem using gpg applet and sign transaction, so looking for clean solution. https://bitcoindev.network/using-gpg-as-a-bitcoin-address/ Unfortunately, we were not able to sign a bitcoin transaction directly with GPG due to its specific signing algorithm

[qpernil]

The formatting of data to be signed is done outside the OpenPGP applet on any OpenPGP card, so in theory, with the right middleware, any data can be signed with the keys on the card (such as a YubiKey). Only the raw ecdsa signature operation is performed on-card.

[dragom]

Nice. Then I will investigate how they communicate with applet. Thank you.

[qpernil]

A pkcs#11 implementation for the OpenPGP applet would be nice.. Then the client could be made generic and also support other devices, such as HSMs and smart cards.

[dragom]

Extended YKCS11 so that use also openpgp applet (for EC secp256k1) not just piv interface :)

[qpernil]

Yes I see where you are coming from, but this would be applicable to any OpenPGP card and as such should probably be separate from YKCS11. But I will consider it.

[dragom]

Thank you for your time. Maybe I will have time to investigate your proposal just to make some proof-of-concept.