Page MenuHome GnuPG
Create Task
Maniphest T7811

gpgsm: Use KEM interface for decryption
Open, NormalPublic
Actions

Description

For ECC, it is better to use KEM API, so that the implementation is more coherent.

I looked into the code and figured out that we don't need to change the protocol between gpgsm and gpg-agent much (the KDF parameters are sent to gpg-agent too as well as the encrypted session key).
Simply it is enough to move the work of ECDH KDF things from gpgsm to gpg-agent; The return value will be decrypted session key.

Related Objects
Search...

Event Timeline

gniibe triaged this task as High priority.Mon, Sep 15, 7:07 AM
gniibe lowered the priority of this task from High to Normal.
gniibe created this task.
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Sep 15, 7:10 AM
gniibe updated the task description. (Show Details)Mon, Sep 15, 7:20 AM
gniibe updated the task description. (Show Details)
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Sep 22, 8:34 AM
gniibe added a comment.Fri, Sep 26, 10:50 AM

This is current work of mine:

t7811-patch.diff18 KBDownload

I realized that there is no test for ECC encryption/decryption with gpgsm.
We need to write those tests before pushing this change.

gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Sep 29, 7:04 AM
gniibe added a comment.Mon, Oct 6, 7:28 AM

Reading the commit log message in rG6dc3846d7819: sm: Support creation of EdDSA certificates.
I created a file to keygen.

Key-Type: ECDSA
Key-Length: 1024
Key-Grip: 0286DCA85E771F64AB9FD9C89717369524D55471
Key-Usage: sign,encrypt
Hash-Algo: sha384
Serial: random
Name-DN: CN=dummy test nistp384

Then, test with a certificate.

I needed a bit of fix over the patch t7811-patch.diff.
I'm going to commit the changes with fix.

gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Oct 6, 7:33 AM