Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed
Open, LowPublic

Description

When using gpgsm --gen-key to create a certificate request from a card-stored ECDSA key, the resulting certificate request has an incorrect Signature Algorithm identifier (sha256WithRSAEncryption instead of the expected ecdsa-with-SHA256), even though the rest of the request seems fine.

This can be seen by dumping the request with OpenSSL's req command:

$ openssl req -in gpgsm-generated-csr.pem -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=UK, L=London, CN=Alice Smith
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:83:90:8f:ad:a3:2f:8a:da:39:6c:fc:5b:ac:aa:
                    f8:d8:d7:02:ee:be:5f:f4:c3:78:e7:34:25:33:73:
                    0e:bf:98:32:bf:0f:76:a1:1f:6d:19:ad:1a:20:3b:
                    5d:95:43:d3:f5:fc:9f:e2:f2:97:e1:32:35:36:2b:
                    7a:6e:05:d8:b0
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                email:alice@example.org
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: sha256WithRSAEncryption
         2a:e6:aa:da:dd:36:bd:de:61:88:18:0b:35:25:3c:cf:70:94:
         30:b5:b0:4e:e1:1e:05:49:40:14:55:37:1c:aa:16:19:01:ea:
         c2:b6:6b:57:be:37:24:59:5c:b9:e7:bb:5b:2a:b3:67:26:4c:
         d7:6c:1a:ae:e3:de:8b:6a:10:ae

Basically gpgsm --gen-key does not currently support working with card-based keys of any other type than RSA. The assumption that card-based keys are RSA-only is hardcoded at several places in GpgSM code, such as in function gpgsm_scd_pksign (sm/call-agent.c):

/* Create an S-expression from it which is formatted like this:
   "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
   creates non-RSA keys we need to change this. */

or in function transform_sigval (sm/misc.c):

if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
  return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO)

This assumption should be revised now that cards compliant with version 3+ of the OpenPGP card specification are available.

Details

Version
master
gouttegd created this task.Aug 6 2018, 12:00 AM
gouttegd created this object in space S1 Public.