On Mon, Jan 17, 2022 at 09:59:22PM +0100, Maciej S. Szmigiero wrote:
> > I am concerned that ed25519 private key management is very rudimentary -- more
> > often than not it is just kept somewhere on disk, often without any passphrase
> > encryption.
> >
> > With all its legacy warts, GnuPG at least has decent support for hardware
> > off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best
> > we have with ed25519 is passphrase protection as implemented in minisign (and
>
> I am not sure that I understood your point here correctly, but GnuPG
> already supports ed25519 keys, including stored on a smartcard - for
> example, on a YubiKey [1].

Yes, I know, but you cannot use ed25519-capable OpenPGP smartcards to create
non-PGP signatures. The discussion was about using ed25519 signatures directly
(e.g. like signify/minisign do). Jason pointed out to me on IRC that it's
possible to do it with YubiHSM, but it's an expensive device ($650 USD from
Yubico).

> While the current software support for ed25519 might be limited, there
> is certainly progress being made, RFC 8410 allowed these algos for X.509
> certificates.
> Support for such certificates is already implemented in OpenSSL [2].
>
> ECDSA, on the other hand, is very fragile with respect to random number
> generation at signing time.
> We know that people got burned here in the past.

I think this is taking us far away from the main topic (which signing/verification
standards to use in-kernel).

-K