Diffusion GnuPG 6dc3846d7819

sm: Support creation of EdDSA certificates.

Authored by werner on May 18 2020, 7:32 PM.

Description

sm: Support creation of EdDSA certificates.

* sm/misc.c (transform_sigval): Support EdDSA.
* sm/certreqgen.c (create_request): Support EdDSA cert creation.
* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
hash algos.
* sm/call-agent.c (struct sethash_inq_parm_s): New.
(sethash_inq_cb): New.
(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.

Tested using a parameter file

Key-Type: EdDSA
Key-Length: 1024
Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test ed25519

where the keygrip is from a gpg generated Ed25519 key. ECDSA was
tested using

Key-Type: ECDSA
Key-Length: 1024
Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test nistp256

and RSA using

Key-Type: RSA
Key-Length: 2048
Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test rsa

The command used in all cases is

gpgsm -v --gen-key --batch  a.parm >a.crt
gpgsm -v --import <a.crt

More support, in particular in the user interface, is required and
will follow soon.

  • GnuPG-bug-id: T4888
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details