
keytocard fails to import a nistp384 ECDSA key
Closed, ResolvedPublic

Description

I'm trying to import a P-384 ECDSA key to an OpenPGP card (tested with a Yubikey 5 and a Nitrokey 3). keytocard prompts for the key passphrase and the card admin password, and then fails with the error "KEYTOCARD failed: Invalid value".

Here is the key, the passphrase is "password":

-----BEGIN PGP PRIVATE KEY BLOCK-----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=UB5P
-----END PGP PRIVATE KEY BLOCK-----

Details

Version
2.4.0

Event Timeline

Looks similar to T6378. Can you provide the output of

gpg-card list --no-key-lookup
werner added projects: gnupg24, scd, yubikey.

Same error message but probably a different cause, in this case the card was factory reset before importing.

Reader ...........: Nitrokey CCID/ICCD Interface 0
Serial number ....: D2760001240103040000A020AB300000
Application type .: OpenPGP
Version ..........: 3.4
Displayed s/n ....: 0000 A020AB30
Manufacturer .....: test card
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Capabilities .....: key-import algo-change button priv-data
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
      keyref .....: OPENPGP.1
      algorithm ..: rsa2048
Encryption key....: [none]
      keyref .....: OPENPGP.2
      algorithm ..: rsa2048
Authentication key: [none]
      keyref .....: OPENPGP.3
      algorithm ..: rsa2048

I also tried to import the key with the gpg-card writekey command and I got the same error.

There must be some regression in the code which changes the key attributes. Please try
"gpg --card-edit" admin, key-attr
and switch to nistp384.

Changing the key attributes didn't help unfortunately:

$ gpg --edit-card

Reader ...........: Nitrokey CCID/ICCD Interface 0
Application ID ...: D2760001240103040000A020AB300000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: test card
Serial number ....: A020AB30
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 4
The card will now be re-configured to generate a key of type: nistp384
Note: There is no guarantee that the card supports the requested
      key type or size.  If the key generation does not succeed,
      please check the documentation of your card to see which
      key types and sizes are supported.
Changing card key attribute for: Encryption key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 1
What keysize do you want? (2048)
Changing card key attribute for: Authentication key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 4
The card will now be re-configured to generate a key of type: nistp384

gpg/card> quit

$ gpg --card-status
Reader ...........: Nitrokey CCID/ICCD Interface 0
Application ID ...: D2760001240103040000A020AB300000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: test card
Serial number ....: A020AB30
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

$ gpg --edit-key jsign-ec
gpg (GnuPG) 2.4.0; Copyright (C) 2021 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  nistp384/D09CE4BFD2DA9396
     created: 2022-11-15  expires: never       usage: SCA
     trust: unknown       validity: unknown
[ unknown] (1). Jsign Test Key (EC) <jsign-ec@example.com>

gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 1
gpg: KEYTOCARD failed: Invalid value

gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 3
gpg: KEYTOCARD failed: Invalid value

Sure that your specific card/implementation of Nitrokey supports this curve? The card application uses a vendor from the test card range - thus it is likely that it is some Javacard implementation or it is an old gnuk firmware on the Nitrokey basic.

This is a Nitrokey 3A with the firmware 1.2.2-alpha.20221130. I'll check with the vendor.

The application probably doesn't support this curve, the changelog only mentions Curve25519 and NIST P-256. Also Kleopatra lists only these two curves when generating a key from the card. Upon further inspection, the 0xFA DO listing the supported algorithms only has RSA 2048, RSA 4096, nistp256, ed25519 and cv25519.

Maybe the error message could be improved? Something like "The card doesn't support the algorithm xyz, accepted algorithms are aaa, bbb or ccc". key-attr also shouldn't list NIST P-384 as an available curve.
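The 0xFA "Algorithm Information" DO mentioned above is the authoritative answer to "will keytocard accept this key on this card": it lists, per key slot (C1 signature, C2 decryption, C3 authentication), the algorithm attributes the card accepts. The following is an added example for this thread, not code from GnuPG, Nitrokey or Yubico, that parses such a DO and checks a curve against it before any keytocard attempt. The DO bytes are constructed to match the list the reporter describes (RSA 2048, RSA 4096, nistp256, ed25519, cv25519); the card's real bytes were not posted. On a real card the DO is fetched with the OpenPGP card GET DATA command (APDU `00 CA 00 FA 00`); the transport is left out here so the script runs offline.

```python
"""Parse an OpenPGP card Algorithm Information DO (tag 0xFA) and check
whether a curve is accepted for a slot before running keytocard.

Added example for the discussion; not GnuPG, Nitrokey or Yubico code.
"""

# Curve OIDs as they appear inside algorithm attributes: the DER OID body
# without the 0x06 tag and length byte (per RFC 6637 / OpenPGP card 3.4).
CURVE_OIDS = {
    "nistp256": bytes.fromhex("2A8648CE3D030107"),
    "nistp384": bytes.fromhex("2B81040022"),
    "nistp521": bytes.fromhex("2B81040023"),
    "ed25519": bytes.fromhex("2B06010401DA470F01"),
    "cv25519": bytes.fromhex("2B060104019755010501"),
    "brainpoolP256r1": bytes.fromhex("2B2403030208010107"),
}
OID_TO_CURVE = {v: k for k, v in CURVE_OIDS.items()}

# First byte of every algorithm-attributes value is the algorithm ID.
ALGO_RSA, ALGO_ECDH, ALGO_ECDSA, ALGO_EDDSA = 0x01, 0x12, 0x13, 0x16
SLOT_NAMES = {0xC1: "sig", 0xC2: "dec", 0xC3: "aut"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV element starting at pos.
    Handles the BER short form and the 0x81 / 0x82 long-form lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length == 0x81:
        length, pos = buf[pos], pos + 1
    elif length == 0x82:
        length, pos = int.from_bytes(buf[pos:pos + 2], "big"), pos + 2
    elif length > 0x80:
        raise ValueError("unsupported BER length 0x%02x" % length)
    return tag, buf[pos:pos + length], pos + length


def decode_attrs(value):
    """Decode one algorithm-attributes value into (kind, name)."""
    algo = value[0]
    if algo == ALGO_RSA:
        # RSA: modulus bits (2), exponent bits (2), import format (1)
        return "rsa", "rsa%d" % int.from_bytes(value[1:3], "big")
    if algo in (ALGO_ECDH, ALGO_ECDSA, ALGO_EDDSA):
        oid = value[1:]
        if oid and oid[-1] == 0xFF:  # optional trailing import-format byte
            oid = oid[:-1]
        return "ecc", OID_TO_CURVE.get(bytes(oid), "unknown-oid:" + oid.hex())
    raise ValueError("unknown algorithm id 0x%02x" % algo)


def parse_algorithm_information(do_fa):
    """Return {"sig": [...], "dec": [...], "aut": [...]} from raw DO FA bytes."""
    tag, body, _ = read_tlv(do_fa, 0)
    if tag != 0xFA:
        raise ValueError("expected DO FA, got 0x%02x" % tag)
    supported = {"sig": [], "dec": [], "aut": []}
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        slot = SLOT_NAMES.get(tag)
        if slot is not None:  # skip DOs we do not know about
            supported[slot].append(decode_attrs(value)[1])
    return supported


def check_keytocard(do_fa, algo_name, slot):
    """True when the card advertises algo_name for the given slot."""
    return algo_name in parse_algorithm_information(do_fa)[slot]


def _tlv(tag, value):
    """Encode a TLV with short-form or 0x81 length (enough for DO FA)."""
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value


# Constructed sample DO (hypothetical bytes) matching the reporter's list.
RSA2048 = bytes.fromhex("01" "0800" "0020" "00")
RSA4096 = bytes.fromhex("01" "1000" "0020" "00")
_body = b"".join([
    _tlv(0xC1, RSA2048), _tlv(0xC1, RSA4096),
    _tlv(0xC1, bytes([ALGO_ECDSA]) + CURVE_OIDS["nistp256"]),
    _tlv(0xC1, bytes([ALGO_EDDSA]) + CURVE_OIDS["ed25519"]),
    _tlv(0xC2, RSA2048), _tlv(0xC2, RSA4096),
    _tlv(0xC2, bytes([ALGO_ECDH]) + CURVE_OIDS["nistp256"]),
    _tlv(0xC2, bytes([ALGO_ECDH]) + CURVE_OIDS["cv25519"]),
    _tlv(0xC3, RSA2048), _tlv(0xC3, RSA4096),
    _tlv(0xC3, bytes([ALGO_ECDSA]) + CURVE_OIDS["nistp256"]),
    _tlv(0xC3, bytes([ALGO_EDDSA]) + CURVE_OIDS["ed25519"]),
])
SAMPLE_DO_FA = _tlv(0xFA, _body)

if __name__ == "__main__":
    for slot, algos in parse_algorithm_information(SAMPLE_DO_FA).items():
        print("%s: %s" % (slot, ", ".join(algos)))
    for curve in ("nistp256", "nistp384"):
        ok = check_keytocard(SAMPLE_DO_FA, curve, "sig")
        print("keytocard %s -> sig: %s" % (curve, "ok" if ok else "unsupported"))
```

Run against this sample, nistp256 passes for the signature slot and nistp384 does not, which is the situation in the thread: the card never advertised P-384, so no key-attr change can make the import succeed, and a check like this turns the generic "Invalid value" into a concrete "curve not in the card's C1 list" before a keytocard is attempted.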

werner lowered the priority of this task from High to Normal. Feb 26 2023, 7:27 PM

There is actually a regression with Yubikeys. The fix for 2.2 is in T5100: rG08cc34911470 - for 2.4 I need to check.

werner claimed this task.
werner removed a project: gnupg24.

Closing this one - see T6378