Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support of Curve25519 #10

Open
fsuel opened this issue Jun 26, 2018 · 13 comments
Open

Support of Curve25519 #10

fsuel opened this issue Jun 26, 2018 · 13 comments

Comments

@fsuel
Copy link

fsuel commented Jun 26, 2018

Hi,
Do you plan to support Curve 25519 as Gnuk (v 1.1.9 :https://github.com/ggkitsas/gnuk/blob/master/NEWS) , GnuPg (v 2.1 : https://gnupg.org/faq/whats-new-in-2.1.html) and Openkeychain (v 4.9 : https://apkdot.com/apk/openkeychain/openkeychain/openkeychain-easy-pgp-5-1-2/) do and when ?

It would be great to have smartcard and usb/gnuk token which support Curve25519, the first one for smartphone/NFC usage and the last one for PC.

Best regards

@af-anssi
Copy link
Contributor

It is not planned to support Curve25516 in SmartPGP for two reasons:

  1. it is not (yet?) part of OpenPGP standard;
  2. Javacard (3.0.x) does not offer native support for Curve25519 and does not offer enough low-level primitives to implement it at the applet level (https://stackoverflow.com/questions/31807585/using-curve25519-on-javacard)

@dschuermann
Copy link
Contributor

There is a new project on the horizon providing re-implementations of low-level primitives, but I am not sure how helpful this is: http://opencryptojc.org/

@fsuel
Copy link
Author

fsuel commented Jun 26, 2018

If Curve25519 is not yet a OpenPGP smartcard specification (https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.3.pdf), it is implemented by Gnuk witch is OpenPGP card compliant and other Nitrokeys, Yubikeys.

IANIX web site (https://ianix.com/pub/curve25519-deployment.html) talk about things that use Curve255196 and refere to Javacard: jc_curve25519 from David Oswald. But i don't know if that can help you !

@Alixerid
Copy link

I would like to add a point for motivation to support Curve25519 in SmartPGP:

This project is great because it supports both strong RSA keys with 4096 bits and NFC. Unfortunately, there seems to be no smart card hardware on the market that supports more than 2048 bit key size and has an NFC interface. Since 2048 bit RSA keys are not deemed secure in the longer term anymore stronger keys are becoming more important for any user. Smartphone users who can leverage the convenience of NFC smart cards would really benefit from Curve25519 support in this project.

@af-anssi
Copy link
Contributor

af-anssi commented Jul 2, 2018

@dschuermann Thank you for the link !

@fsuel Although [the equation can be converted] (http://samuelkerr.com/?p=431), ECDSA is not the algorithm to be used for signature/authentication with this curve (see here). Implementing this algorithm requires low level primitives not available in the JavaCard API (yet ?).

@Alixerid You can already use implemented ECC with SmartPGP with the several curves (NIST P-256, NIST P-384, NIST P-521, brainpool p256r1, brainpool p384r1 and brainpool p512r1) with OpenKeychain on mobiles devices, but also with GnuPG on PC.

@paride
Copy link

paride commented Feb 12, 2019

The newly released Java Card 3.1 specification supports x25519 and Ed25519:

https://docs.oracle.com/en/java/javacard/3.1/specnotes/index.html

@martinpaljak
Copy link
Contributor

But cards with support are ages away

@vvug
Copy link

vvug commented Feb 26, 2019

@martinpaljak sure, but the standard is there now, it is only a matter of time, hopefully. Pity that Gnuk can't run on smartcards (at least I didn't find any which is able to run it...).

@martinpaljak
Copy link
Contributor

Nothing forbids current cards from implementing proprietary extensions, like Edwards curves (I've heard some are available from Asian manufacturers, targeting JC 3.0.1). Also nothing forces the standard to be implemented fully on a future card (look at JCSupport to see the actual support of algorithms on different cards).

But it is specified, indeed.

@af-anssi
Copy link
Contributor

SmartPGP will support Curve25519 on cards compliant with JavaCard 3.1 only.

@af-anssi af-anssi reopened this Mar 20, 2021
@af-anssi af-anssi pinned this issue Jun 9, 2021
@wreps8Owt
Copy link

It may be done by using the achievement of https://github.com/david-oswald/jc_curve25519 .

@af-anssi
Copy link
Contributor

Thank you for the link. For SmartPGP we will rely only on JavaCard platform implementation for security reasons.

@yaperez-anssi
Copy link

Thank you for the link. For SmartPGP we will rely only on JavaCard platform implementation for security reasons.

Are there recent updates on ED25519 support on JC3.1, and availability of JC3.1 platforms (a quick search didn't reveal any).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants