GpgSM: Add ECC support
Testing, HighPublic


ECC Crypto for S/MIME key generation and usage should be implemented.

Original report:

I would like create a X.509 Key with ECDSA option to specify a max validity date.
But the option is anavailable (grey).
Why? (A software parameter is wrong?)
How to do ?
Thanks for your answer

Serg67 created this task.Aug 14 2018, 5:00 PM
aheinecke renamed this task from Create an X.509/ECDSA key to GpgSM: Add ECC support (Option to create an X.509/ECDSA key).Aug 17 2018, 3:40 PM
aheinecke triaged this task as Wishlist priority.
aheinecke updated the task description. (Show Details)
aheinecke added a project: S/MIME.
aheinecke added a subscriber: aheinecke.

There is currently no ECC key support in the S/MIME component of Gpg4win. I've edited the task a bit to reflect that. So it is impossible to generate an ECC Key for S/MIME with Kleopatra.

It should definitely be implemented but this is no small task :-/

Thanks for your answer

Best regards

werner added a subscriber: werner.Feb 6 2019, 9:56 AM

See also T4013 which is about ed25519 key support

werner claimed this task.Feb 6 2019, 9:57 AM
werner raised the priority of this task from Wishlist to High.
werner edited projects, added Feature Request; removed Bug Report.
gniibe added a subscriber: gniibe.Mar 24 2020, 6:32 AM

There are two code paths to generate key: gpgsm_genkey and gpgsm_gencertreq_tty. Latter is partially supported with card key.
Firstly, I'm going to work for T4888.

I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.

werner changed the status of subtask T4920: Support ECDH in Libksba from Open to Testing.May 4 2020, 3:05 PM
werner added a comment.May 8 2020, 6:14 PM

Basic en- and decryption test against Governikus_Signer has now been done. Beware: I had to add a debug option to gpgsm to workaround non-compliance in algorithm support of Governikus; see the rG68b857df13c8a4e6cae5e3a29fd065bf90764547 for details.

werner renamed this task from GpgSM: Add ECC support (Option to create an X.509/ECDSA key) to GpgSM: Add ECC support.May 8 2020, 6:15 PM
werner added a project: gnupg (gpg23).
werner changed the task status from Open to Testing.May 11 2020, 6:46 PM

Signing using ECDSA does now also work. Tested with 3 in disk keys: nistp256, nistp384 and RSA and verified using gpgsm and Governikus Signer.

See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples on how to create a cert

GnuTLS seems to have some CMS support; see .

pert added a subscriber: pert.Jun 1 2020, 7:18 PM