Page MenuHome GnuPG

GpgSM: Add ECC support
Testing, HighPublic


ECC Crypto for S/MIME key generation and usage should be implemented.

Original report:

I would like create a X.509 Key with ECDSA option to specify a max validity date.
But the option is anavailable (grey).
Why? (A software parameter is wrong?)
How to do ?
Thanks for your answer


Kleopatra Version 3.1.2-gpg4win-3.1.2

Event Timeline

aheinecke renamed this task from Create an X.509/ECDSA key to GpgSM: Add ECC support (Option to create an X.509/ECDSA key).Aug 17 2018, 3:40 PM
aheinecke triaged this task as Wishlist priority.
aheinecke updated the task description. (Show Details)
aheinecke added a project: S/MIME.
aheinecke added a subscriber: aheinecke.

There is currently no ECC key support in the S/MIME component of Gpg4win. I've edited the task a bit to reflect that. So it is impossible to generate an ECC Key for S/MIME with Kleopatra.

It should definitely be implemented but this is no small task :-/

Thanks for your answer

Best regards

See also T4013 which is about ed25519 key support

werner raised the priority of this task from Wishlist to High.
werner edited projects, added Feature Request; removed Bug Report.

There are two code paths to generate key: gpgsm_genkey and gpgsm_gencertreq_tty. Latter is partially supported with card key.
Firstly, I'm going to work for T4888.

I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.

Basic en- and decryption test against Governikus_Signer has now been done. Beware: I had to add a debug option to gpgsm to workaround non-compliance in algorithm support of Governikus; see the rG68b857df13c8a4e6cae5e3a29fd065bf90764547 for details.

werner renamed this task from GpgSM: Add ECC support (Option to create an X.509/ECDSA key) to GpgSM: Add ECC support.May 8 2020, 6:15 PM
werner added a project: gnupg (gpg23).
werner changed the task status from Open to Testing.May 11 2020, 6:46 PM

Signing using ECDSA does now also work. Tested with 3 in disk keys: nistp256, nistp384 and RSA and verified using gpgsm and Governikus Signer.