
gpgsm: Use KEM interface for decryption
Open, Normal, Public

Description

For ECC, it is better to use the KEM API, so that the implementation is more coherent.

I looked into the code and figured out that we don't need to change the protocol between gpgsm and gpg-agent much (the KDF parameters are sent to gpg-agent too, as well as the encrypted session key).
It is simply enough to move the ECDH KDF work from gpgsm to gpg-agent; the return value will be the decrypted session key.
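The ECDH KDF step discussed above, sketched as an added example that is not GnuPG code and not part of the original task: it follows the RFC 5753 scheme for ECDH in CMS, building the DER-encoded ECC-CMS-SharedInfo and running the ANSI X9.63 KDF over the shared secret Z to get the key-encryption key. The function names, the choice of id-aes256-wrap with SHA-384, and the sample Z are assumptions made for the example; unwrapping the session key with AES key wrap would follow and is omitted.

```python
import hashlib

AES256_WRAP = "2.16.840.1.101.3.4.1.45"  # id-aes256-wrap

def der(tag, content):
    """One DER TLV; short-form length is enough for SharedInfo."""
    if len(content) >= 0x80:
        raise ValueError("long-form DER length not supported in this sketch")
    return bytes([tag, len(content)]) + content

def der_oid(dotted):
    """DER-encode an OBJECT IDENTIFIER given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body += bytes(reversed(chunk))
    return der(0x06, bytes(body))

def ecc_cms_shared_info(wrap_oid, kek_bits, ukm=None):
    """ECC-CMS-SharedInfo: keyInfo, optional entityUInfo [0], suppPubInfo [2]."""
    parts = der(0x30, der_oid(wrap_oid))        # AlgorithmIdentifier, no parameters
    if ukm is not None:
        parts += der(0xA0, der(0x04, ukm))      # [0] EXPLICIT OCTET STRING
    parts += der(0xA2, der(0x04, kek_bits.to_bytes(4, "big")))  # KEK length in bits
    return der(0x30, parts)

def x963_kdf(z, shared_info, out_len, hash_name):
    """ANSI X9.63 KDF: Hash(Z || counter || SharedInfo), counter starting at 1."""
    out, counter = b"", 1
    while len(out) < out_len:
        block = z + counter.to_bytes(4, "big") + shared_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:out_len]

def derive_kek(z, ukm=None, hash_name="sha384"):
    """Hypothetical agent-side helper: Z stays here, only the 256-bit KEK comes out."""
    info = ecc_cms_shared_info(AES256_WRAP, 256, ukm)
    return x963_kdf(z, info, 32, hash_name)

# Constructed 48-byte stand-in for a P-384 ECDH shared secret (not a real key).
SAMPLE_Z = bytes(range(48))

if __name__ == "__main__":
    print(derive_kek(SAMPLE_Z).hex())
```
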

Event Timeline

gniibe lowered the priority of this task from High to Normal.
gniibe created this task.

This is my current work:

I realized that there is no test for ECC encryption/decryption with gpgsm.
We need to write those tests before pushing this change.


After reading the commit log message in rG6dc3846d7819 (sm: Support creation of EdDSA certificates),
I created a parameter file for keygen.

Key-Type: ECDSA
Key-Length: 1024
Key-Grip: 0286DCA85E771F64AB9FD9C89717369524D55471
Key-Usage: sign,encrypt
Hash-Algo: sha384
Serial: random
Name-DN: CN=dummy test nistp384

Then, test with a certificate.

I needed a small fix on top of the patch t7811-patch.diff.
I'm going to commit the changes with the fix.
