Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for GENERATE ASYMMETRIC KEY PAIR #31

Merged
merged 40 commits into from
Aug 11, 2022
Merged

Add support for GENERATE ASYMMETRIC KEY PAIR #31

merged 40 commits into from
Aug 11, 2022

Conversation

sosthene-nitrokey
Copy link
Collaborator

No description provided.

@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Jul 29, 2022
Open
23 tasks
@sosthene-nitrokey sosthene-nitrokey changed the title [wip] Add support for GENERATE ASYMMETRIC KEYPAIR [wip] Add support for GENERATE ASYMMETRIC KEY PAIR Jul 29, 2022
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Jul 29, 2022
Merged
@sosthene-nitrokey sosthene-nitrokey force-pushed the generate-key-pair branch 5 times, most recently from 63b1d58 to 7489a8c Compare August 2, 2022 08:15
sosthene-nitrokey added a commit that referenced this pull request Aug 3, 2022
@sosthene-nitrokey
Add method for "lending" the context
2efad2d 
This is useful because the Context is generally passed by value.
The method on `LoadedContext` is currently unused by will be used in #31
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Aug 3, 2022
Merged
sosthene-nitrokey added a commit that referenced this pull request Aug 3, 2022
@sosthene-nitrokey
Add method for "lending" the context
f289d97 
This is useful because the Context is generally passed by value.
The method on `LoadedContext` is currently unused but will be used in #31
sosthene-nitrokey added a commit that referenced this pull request Aug 3, 2022
@sosthene-nitrokey
Add method for "lending" the context
becb528 
This is useful because the Context is generally passed by value.
The method on `LoadedContext` is currently unused but will be used in #31
sosthene-nitrokey added a commit that referenced this pull request Aug 3, 2022
@sosthene-nitrokey
Add method for "lending" the context
17abcbf 
This is useful because the Context is generally passed by value.
The method on `LoadedContext` is currently unused but will be used in #31
@sosthene-nitrokey sosthene-nitrokey force-pushed the generate-key-pair branch 2 times, most recently from 9710205 to 8f35afe Compare August 3, 2022 13:18
@sosthene-nitrokey
Copy link
Collaborator Author

GENERATE ASYMMETRIC KEYPAIR is supported (outside of RSA) and seems to work. But i'll keep going with the PSO commands so that I can test if the keys are properly generated.

sosthene-nitrokey added a commit that referenced this pull request Aug 3, 2022
@sosthene-nitrokey
Add nettle to the pipeline image
ffd92a3 
This is required for building openpgp-card-sequoia for testing #31
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Aug 3, 2022
Merged
@sosthene-nitrokey sosthene-nitrokey force-pushed the generate-key-pair branch 2 times, most recently from 4cb22cc to a05ee06 Compare August 5, 2022 17:12
@sosthene-nitrokey sosthene-nitrokey changed the title [wip] Add support for GENERATE ASYMMETRIC KEY PAIR Add support for GENERATE ASYMMETRIC KEY PAIR Aug 8, 2022
robin-nitrokey added a commit that referenced this pull request Aug 8, 2022
@robin-nitrokey
ci: Add libpcslite-dev to Dockerfile
e7c8640 
This patch adds libpcslite-dev to the package list in the Dockerfile
used for the CI.  This is required for #31.
robin-nitrokey added a commit that referenced this pull request Aug 8, 2022
@robin-nitrokey
ci: Add libpcslite-dev to Dockerfile
6677d19 
This patch adds libpcslite-dev to the package list in the Dockerfile
used for the CI.  This is required for #31.
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Aug 9, 2022
Merged
@sosthene-nitrokey
Copy link
Collaborator Author

This PR depends on a patch for littlefs2-sys to fix the issues with bindgen similar to https://github.com/davidcole1340/ext-php-rs/pull/36/files, but I'm not sure it's the "correct" solution and that it wouldn't cause conflicts with other dependencies so I'm not certain about upstreaming it.

@robin-nitrokey
Copy link
Member

It would be good to have a guideline from the bindgen developers, but I think your fix is most likely the best solution. So let’s open an upstream PR. We can always change it if we receive other instructions from bindgen.

robin-nitrokey
robin-nitrokey reviewed Aug 10, 2022
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you! I’ve added some suggestions and questions.

tests/crypto-sequoia.rs
let mut sign_card = open.signing_card().unwrap();
let mut signer = sign_card.signer_from_public(pubk.clone(), &|| {});
let data = [1; 32];
let signature = signer.sign(HashAlgorithm::SHA256, &data).unwrap();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this work with other hash algorithms too?

Copy link
Collaborator Author

@sosthene-nitrokey sosthene-nitrokey Aug 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Looking at the openpgp-card source code it appears that for ECC the given hash is ignored: https://gitlab.com/openpgp-card/openpgp-card/-/blob/main/openpgp-card-sequoia/src/signer.rs#L156

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Aug 10, 2022
edited
Loading

There's one weird behavior of gpg which I need to investigate. Outside of expert mode it only offers setting the key attributes to RSA, Curve25519 or nist P-384. It does not offer P-256. It's surprising. It should probably not offer P-384 given that it's not announced as supported by opcard so I'm not sure what's happening.

@sosthene-nitrokey
Fix deletion of key on attribute change
13a6b90 
- Only delete the key once (it was incorrectly done twice)
- Only delete the keys when the attribute has actually changed
- Delete the fingerprints and generation dates when deleting the keys
@sosthene-nitrokey
Copy link
Collaborator Author

Ok, so it seems it's because P-256 is not supported by GPG, and that GPG doesn't offer the key attributes based what the card announces to support.

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=80d65c444fd59cd9940d1309a3b6299c4abca311;hb=refs/heads/STABLE-BRANCH-2-2#l2409

@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Aug 11, 2022
Merged
@robin-nitrokey robin-nitrokey merged commit 2fb3735 into main Aug 11, 2022
@robin-nitrokey robin-nitrokey deleted the generate-key-pair branch August 11, 2022 14:22
@robin-nitrokey
Copy link
Member

Thank you, merged!

@robin-nitrokey robin-nitrokey mentioned this pull request Aug 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sosthene-nitrokey @robin-nitrokey