Page MenuHome GnuPG
Create Task
Maniphest T4098

GpgSM: Add ECC support
Closed, ResolvedPublic
Actions

Description

ECC Crypto for S/MIME key generation and usage should be implemented.

Original report:

Hello
I would like create a X.509 Key with ECDSA option to specify a max validity date.
But the option is anavailable (grey).
Why? (A software parameter is wrong?)
How to do ?
Thanks for your answer
Serg67

Details

Version
Kleopatra Version 3.1.2-gpg4win-3.1.2

Revisions and Commits

rK libksba
rK71a2f1e87790 Finish creation of ECDSA and EdDSA certificates.
rG GnuPG
rG7c3aeb2a57ea gpgsm: Support signing using ECDSA.
rGed62b74a175e gpgsm: Create ECC certificates with AKI and SKI by default.
rG44676819f287 sm: Create ECC certificates with AKI and SKI by default.
rGf44d395bdfec sm: Support signing using ECDSA.
rG68b857df13c8 sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
rGee6d29f1797e sm: Support decryption of ECDH data using a smartcard.
rGd5051e31a8fc sm: Support encryption using ECDH keys.
rG95d83cf90617 sm: Support decryption of ECDH data.

Related Objects
Search...

Event Timeline

Serg67 created this task.Aug 14 2018, 5:00 PM
aheinecke renamed this task from Create an X.509/ECDSA key to GpgSM: Add ECC support (Option to create an X.509/ECDSA key).Aug 17 2018, 3:40 PM
aheinecke triaged this task as Wishlist priority.
aheinecke updated the task description. (Show Details)
aheinecke added a project: S/MIME.
aheinecke added a subscriber: aheinecke.

There is currently no ECC key support in the S/MIME component of Gpg4win. I've edited the task a bit to reflect that. So it is impossible to generate an ECC Key for S/MIME with Kleopatra.

It should definitely be implemented but this is no small task :-/

Serg67 added a comment.Aug 17 2018, 4:38 PM

Ok
Thanks for your answer

Best regards

werner added a subscriber: werner.Feb 6 2019, 9:56 AM

See also T4013 which is about ed25519 key support

werner claimed this task.Feb 6 2019, 9:57 AM
werner raised the priority of this task from Wishlist to High.
werner edited projects, added Feature Request; removed Bug Report.
gouttegd mentioned this in T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.Feb 13 2019, 1:37 AM
aheinecke removed a project: gpg4win.Mar 14 2019, 9:34 AM
gniibe created subtask T4888: GpgSM: Support ECC key generation by gpgsm_genkey.Mar 24 2020, 6:30 AM
gniibe added a subscriber: gniibe.Mar 24 2020, 6:32 AM

There are two code paths to generate key: gpgsm_genkey and gpgsm_gencertreq_tty. Latter is partially supported with card key.
Firstly, I'm going to work for T4888.

gniibe created subtask T4896: ksba: Ed25519 support.Mar 30 2020, 7:55 AM
gniibe changed the status of subtask T4888: GpgSM: Support ECC key generation by gpgsm_genkey from Open to Testing.Apr 6 2020, 6:49 AM
werner added a comment.Apr 17 2020, 6:03 PM

I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.

werner created subtask T4920: Support ECDH in Libksba.Apr 21 2020, 2:33 PM
werner created subtask T4921: Support import of PKCS#12 encoded ECC private keys..Apr 21 2020, 5:01 PM
werner added a commit: rG95d83cf90617: sm: Support decryption of ECDH data..Apr 23 2020, 10:08 AM
werner changed the status of subtask T4921: Support import of PKCS#12 encoded ECC private keys. from Open to Testing.Apr 27 2020, 8:09 PM
werner added a commit: rGd5051e31a8fc: sm: Support encryption using ECDH keys..May 4 2020, 3:02 PM
werner changed the status of subtask T4920: Support ECDH in Libksba from Open to Testing.May 4 2020, 3:05 PM
werner created subtask T4938: Support Signature Card V2.0 (NKS15).May 7 2020, 8:18 AM
werner added a commit: rGee6d29f1797e: sm: Support decryption of ECDH data using a smartcard..May 7 2020, 8:20 AM
werner added a commit: rG68b857df13c8: sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme..May 8 2020, 6:11 PM
werner added a comment.May 8 2020, 6:14 PM

Basic en- and decryption test against Governikus_Signer has now been done. Beware: I had to add a debug option to gpgsm to workaround non-compliance in algorithm support of Governikus; see the rG68b857df13c8a4e6cae5e3a29fd065bf90764547 for details.

werner renamed this task from GpgSM: Add ECC support (Option to create an X.509/ECDSA key) to GpgSM: Add ECC support.May 8 2020, 6:15 PM
werner added a project: gnupg (gpg23).
werner changed the task status from Open to Testing.May 11 2020, 6:46 PM

Signing using ECDSA does now also work. Tested with 3 in disk keys: nistp256, nistp384 and RSA and verified using gpgsm and Governikus Signer.

werner added a commit: rGf44d395bdfec: sm: Support signing using ECDSA..May 11 2020, 7:02 PM
werner added a subtask: T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.May 14 2020, 10:47 AM
werner removed a subtask: T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.May 14 2020, 10:50 AM
werner added a commit: rK71a2f1e87790: Finish creation of ECDSA and EdDSA certificates..May 18 2020, 7:34 PM
werner added a commit: rG44676819f287: sm: Create ECC certificates with AKI and SKI by default..May 19 2020, 2:37 PM
werner added a comment.May 19 2020, 2:41 PM

See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples on how to create a cert

werner closed subtask T4920: Support ECDH in Libksba as Resolved.May 19 2020, 4:49 PM
werner added a comment.May 27 2020, 10:35 AM

GnuTLS seems to have some CMS support; see https://gitlab.com/gnutls/gnutls/-/issues/227 .

pert added a subscriber: pert.Jun 1 2020, 7:18 PM
alex99 added a subscriber: alex99.Sep 10 2020, 1:56 AM
gniibe closed subtask T4888: GpgSM: Support ECC key generation by gpgsm_genkey as Resolved.Apr 12 2021, 12:21 PM
werner added a commit: rGed62b74a175e: gpgsm: Create ECC certificates with AKI and SKI by default..Oct 20 2022, 5:34 PM
werner changed the status of subtask T6253: GpgSM: Backport ECC support to 2.2 from Open to Testing.Oct 28 2022, 3:32 PM
werner closed subtask T4938: Support Signature Card V2.0 (NKS15) as Resolved.
werner closed this task as Resolved.Oct 28 2022, 3:36 PM

Has been release quite some time ago (2.3.8 and earlier)

werner added a commit: rG7c3aeb2a57ea: gpgsm: Support signing using ECDSA..Nov 15 2022, 2:57 PM
werner closed subtask T4921: Support import of PKCS#12 encoded ECC private keys. as Resolved.Jul 5 2023, 2:29 PM
ebo closed subtask T6253: GpgSM: Backport ECC support to 2.2 as Resolved.Oct 30 2023, 3:24 PM