Fingerprint mismatch for 384-bit ECDH keys generated on SmartCards

NIIBE Yutaka gniibe at fsij.org
Wed Mar 13 01:27:27 CET 2019


Trevor Bentley via Gnupg-devel <gnupg-devel at gnupg.org> wrote:
> I would assume that the definition in ecdh.c should have been 
> CIPHER_ALGO_AES192...

I agree.

In the Section 13 of RFC-6637, an implementation SHOULD use symmetric
key size 192 for ECC strength of 384.  It also says that (a stronger
hash algorithm or) a stronger symmetric key algorithm MAY be used, so,
use of CIPHER_ALGO_AES256 was not 100% wrong, and is considered OK (if
it matches the behavior on smartcard).

I fixed ecdh.c for master.

> I did verify that changing it fixes the mismatch and allows importing
> into OpenKeychain.  But maybe changing it now breaks all existing
> keys?

IIUC, kek_params_table is only used for key generation.  How does the
change break existing keys?  I wonder.
-- 



More information about the Gnupg-devel mailing list