Future problems with OpenGPG card and ECC

Sébastien Lorquet squalyl at gmail.com
Thu Feb 17 17:41:11 CET 2011


Hi,

Do anyone know how an opengpg card implemented in javacard is supposed to
work with ECC?

The opengpg card spec v2.0 states:

> The hash value (ECDSA) or the DigestInfo is delivered in the data field of
the command.

With RSA, there are no problems. A Cipher object with algorithm
ALG_RSA_PKCS1 can be used. The input to the RSA exponentiation is the digest
info, the output is the signature.

However, with ECC, this scheme is not available. The Cipher class does NOT
provides means to use ECC for ciphering. There is no ALG_EC_PKCS1 ciphering
algorithm.
We only get a Signature object, with, e.g. algorithm ALG_ECDSA_SHA. This
combines a SHA-1 digest with an ECC signature.

So we cannot provide the hash value in the command data field. We can only
provide the hash input data, and the card computes the sha-1 of this input
onboard before doing ECDSA calculations.

As a consequence, we need a change the spec, in order to supply the whole
data to be digested to the card.

I propose this wording:
> The data to be hashed (ECDSA) or the DigestInfo is delivered in the data
field of the command.

And I hope this input data is not too long.

Any thougths?

Sebastien Lorquet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110217/ec379d86/attachment-0001.htm>


More information about the Gnupg-devel mailing list