Re: [PATCH 00/14] KEYS: Add support for PGP keys and signatures

[Konstantin Ryabitsev]

On Mon, Jan 17, 2022 at 09:59:22PM +0100, Maciej S. Szmigiero wrote:
> > I am concerned that ed25519 private key management is very rudimentary -- more
> > often than not it is just kept somewhere on disk, often without any passphrase
> > encryption.
> > 
> > With all its legacy warts, GnuPG at least has decent support for hardware
> > off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best
> > we have with ed25519 is passhprase protection as implemented in minisign (and
> 
> I am not sure that I understood your point here correctly, but GnuPG
> already supports ed25519 keys, including stored on a smartcard - for
> example, on a YubiKey [1].

Yes, I know, but you cannot use ed25519-capable OpenPGP smartcards to create
non-PGP signatures. The discussion was about using ed25519 signatures
directly (e.g. like signify/minisign do). Jason pointed out to me on IRC that
it's possible to do it with YubiHSM, but it's an expensive device ($650 USD
from Yubico).

> While the current software support for ed25519 might be limited, there
> is certainly progress being made, RFC 8410 allowed these algos for X.509
> certificates.
> Support for such certificates is already implemented in OpenSSL [2].
> 
> ECDSA, on the other hand, is very fragile with respect to random number
> generation at signing time.
> We know that people got burned here in the past.

I think this is taking us far away from the main topic (which
signing/verification standards to use in-kernel).

-K