RE: [pkcs11] PKCS#11 and EdDSA

[Daniel Minder <Daniel.Minder@utimaco.com>]

Hi Jakub,

if you look at table 32 listing all EC mechanisms vs functions you'll recognize that so far none of the EC mechanisms can be used with encrypt&decrypt. IMO a new ECIES mechanism would be needed, implemented according to SEC 1 section 5.1 and requiring a bunch of parameters (key derivation, MAC, symmetric encryption, etc.).

So far, this has not been foreseen for version 3.1, but feel free to create a proposal.

Regards,
Daniel

-----Original Message-----
From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Jakub Jelen
Sent: Sonntag, 19. Januar 2020 23:02
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] PKCS#11 and EdDSA

Hello all,

I started looking through the EdDSA usage in the OpenGPG card/Gnuk [1] in contrast with the new PKCS#11 3.0. If I read both right, the signature can be implemented with CKM_EDDSA mechanism, but what I miss is any algorithm that could be used for the encryption/decryption counterpart (which is quite crucial in GPG).

Is this something that is missing from the 3.0 specs (and probably material for 3.1?) or is that something that I miss with my (still quite limited) knowledge of elliptic curves in general?

[1] https://wiki.gnupg.org/ECC

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.


________________________________

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen â Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.