lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220117215449.2qboqd3nmsky2g3w@nitro.local>
Date:   Mon, 17 Jan 2022 16:54:49 -0500
From:   Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To:     "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
Cc:     Roberto Sassu <roberto.sassu@...wei.com>, dhowells@...hat.com,
        dwmw2@...radead.org, herbert@...dor.apana.org.au,
        davem@...emloft.net, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org,
        zohar@...ux.ibm.com, ebiggers@...nel.org,
        "Jason A. Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH 00/14] KEYS: Add support for PGP keys and signatures

On Mon, Jan 17, 2022 at 09:59:22PM +0100, Maciej S. Szmigiero wrote:
> > I am concerned that ed25519 private key management is very rudimentary -- more
> > often than not it is just kept somewhere on disk, often without any passphrase
> > encryption.
> > 
> > With all its legacy warts, GnuPG at least has decent support for hardware
> > off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best
> > we have with ed25519 is passhprase protection as implemented in minisign (and
> 
> I am not sure that I understood your point here correctly, but GnuPG
> already supports ed25519 keys, including stored on a smartcard - for
> example, on a YubiKey [1].

Yes, I know, but you cannot use ed25519-capable OpenPGP smartcards to create
non-PGP signatures. The discussion was about using ed25519 signatures
directly (e.g. like signify/minisign do). Jason pointed out to me on IRC that
it's possible to do it with YubiHSM, but it's an expensive device ($650 USD
from Yubico).

> While the current software support for ed25519 might be limited, there
> is certainly progress being made, RFC 8410 allowed these algos for X.509
> certificates.
> Support for such certificates is already implemented in OpenSSL [2].
> 
> ECDSA, on the other hand, is very fragile with respect to random number
> generation at signing time.
> We know that people got burned here in the past.

I think this is taking us far away from the main topic (which
signing/verification standards to use in-kernel).

-K

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ