[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] PKCS#11 and EdDSA
On Tue, 2020-01-21 at 09:51 -0800, Robert Relyea wrote: > On 01/19/2020 02:02 PM, Jakub Jelen wrote: > > Hello all, > > > > I started looking through the EdDSA usage in the OpenGPG card/Gnuk > > [1] > > in contrast with the new PKCS#11 3.0. If I read both right, the > > signature can be implemented with CKM_EDDSA mechanism, but what I > > miss > > is any algorithm that could be used for the encryption/decryption > > counterpart (which is quite crucial in GPG). > ED curves can be used with CKM_ECDH to do key exchange (like other > EC > curves). Only the Signature had a different mechanism. > > The CKM_ECDH was already available in 2.40 for ED curves IIRC. Right. Thank you for pointers. From what I see, there are CKM_ECDH*_DERIVE mechanisms available for Derive functions. And even though the gpg lists this under encryption, the only thing we can do with ECDH is really the derive operation internally [1]. [1] https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-13.5 Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]