Enable ECDSA signatures
gnupg now includes support for ECC/ECDSA so RFC 2440/4880 ECDSA key-pairs can be generated
Blueprint information
- Status:
- Started
- Approver:
- Jeff Johnson
- Priority:
- Medium
- Drafter:
- Jeff Johnson
- Direction:
- Approved
- Assignee:
- Jeff Johnson
- Definition:
- Discussion
- Series goal:
- Accepted for 5.4
- Implementation:
- Good progress
- Milestone target:
- 5.4.16
- Started by
- Jeff Johnson
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
(from rpm-5.3 development in 2010)
=======
gnupg2 and libgcrypt needs to be recompiled +ECC.
Announce is here
http://
with code here
http://
and IETF draft here
http://
nss-3.12.8 needs to be patched +ECDSA and recompiled.
Packaged on RHEL6.
openssl 1.0.0a needs to be patched +ECDSA and recompiled.
Packaged on RHEL6.
libtomcrypt needs to be packaged and recompiled.
(from rpm-5.4 development in August 2013)
=======
ECDSA is passing internally consistent generate-
recompiled Fedora packages with these specific versions:
libgcrypt-
nss-
openssl-
libtomcrypt-
Getting gnupg +ECDSA pubkeys which are then parsed/verified remains
to be tested. The original pre-RFC6637 format has been implemented, but oid -> curve
parameter lookup is surely going to need de facto examples/tests.
There are example RFC 6637 keys/signatures here:
http://