When using gpgsm --gen-key to create a certificate request from a card-stored ECDSA key, the resulting certificate request has an incorrect Signature Algorithm identifier (sha256WithRSAEncryption instead of the expected ecdsa-with-SHA256), even though the rest of the request seems fine.
This can be seen by dumping the request with OpenSSL's req command:
$ openssl req -in gpgsm-generated-csr.pem -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: C=UK, L=London, CN=Alice Smith Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:83:90:8f:ad:a3:2f:8a:da:39:6c:fc:5b:ac:aa: f8:d8:d7:02:ee:be:5f:f4:c3:78:e7:34:25:33:73: 0e:bf:98:32:bf:0f:76:a1:1f:6d:19:ad:1a:20:3b: 5d:95:43:d3:f5:fc:9f:e2:f2:97:e1:32:35:36:2b: 7a:6e:05:d8:b0 ASN1 OID: prime256v1 NIST CURVE: P-256 Attributes: Requested Extensions: X509v3 Subject Alternative Name: email:firstname.lastname@example.org X509v3 Key Usage: critical Digital Signature, Non Repudiation Signature Algorithm: sha256WithRSAEncryption 2a:e6:aa:da:dd:36:bd:de:61:88:18:0b:35:25:3c:cf:70:94: 30:b5:b0:4e:e1:1e:05:49:40:14:55:37:1c:aa:16:19:01:ea: c2:b6:6b:57:be:37:24:59:5c:b9:e7:bb:5b:2a:b3:67:26:4c: d7:6c:1a:ae:e3:de:8b:6a:10:ae
Basically gpgsm --gen-key does not currently support working with card-based keys of any other type than RSA. The assumption that card-based keys are RSA-only is hardcoded at several places in GpgSM code, such as in function gpgsm_scd_pksign (sm/call-agent.c):
/* Create an S-expression from it which is formatted like this: "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever creates non-RSA keys we need to change this. */
or in function transform_sigval (sm/misc.c):
if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen)) return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO)
This assumption should be revised now that cards compliant with version 3+ of the OpenPGP card specification are available.