falko-strenzke
commented
1 month ago This topic is already being tracked in #108. Regarding the private key format for smart cards, I think that their private key format does not necessarily have to conform with the general OpenPGP format. An OpenPGP seed private key could still be imported into a smart card that is using the expanded format. If the expanded key of the card also holds the seed (without using it internally) the key could even be exported to a "software" key again.
As I raised on the mailing list [1], I think there's a reasonable argument for limiting the storage format for post-quantum keys to the seed format rather than the, arguably more temperamental, expanded key format. I think LAMPS is going in the direction of seed-format-only so I think there is precendence that we can follow and go with the same approach. See [2] and [3]
There were some concerns about low-power devices/OpenPGP smart cards but I think it was decided that was not a huge concern or at least not a reason to have multiple key storage formats (but others are free to contradict me if it is :) ).
Happy to provide some assistance with writing/reviewing text on storage formats if it'll help.
[1] https://mailarchive.ietf.org/arch/msg/openpgp/2dg-DrWt4DgIoX8uTalCa-kzE38/ [2] https://github.com/randombit/botan/pull/3893#issuecomment-2349229966 [3] https://github.com/randombit/botan/pull/4270#issuecomment-2356039856