RPM

Enable ECDSA signatures

Registered by Jeff Johnson

gnupg now includes support for ECC/ECDSA so RFC 2440/4880 ECDSA key-pairs can be generated

Blueprint information

Status:
Started
Approver:
Jeff Johnson
Priority:
Medium
Drafter:
Jeff Johnson
Direction:
Approved
Assignee:
Jeff Johnson
Definition:
Discussion
Series goal:
Accepted for 5.4
Implementation:
Good progress
Milestone target:
milestone icon 5.4.16
Started by
Jeff Johnson

Related branches

Sprints

Whiteboard

(from rpm-5.3 development in 2010)
===================================
gnupg2 and libgcrypt needs to be recompiled +ECC.
    Announce is here
        http://www.gossamer-threads.com/lists/gnupg/devel/51762
    with code here
        http://code.google.com/p/gnupg-ecc/
    and IETF draft here
        http://sites.google.com/site/brainhub/pgp

nss-3.12.8 needs to be patched +ECDSA and recompiled.
    Packaged on RHEL6.

openssl 1.0.0a needs to be patched +ECDSA and recompiled.
    Packaged on RHEL6.

libtomcrypt needs to be packaged and recompiled.

(from rpm-5.4 development in August 2013)
===================================
ECDSA is passing internally consistent generate-sign-verify tests using
recompiled Fedora packages with these specific versions:
   libgcrypt-1.5.3-1.el6.x86_64 (after undoing RHEL6 removal)
   nss-3.15.1-3.el6.x86_64 (after undoing RHEL6 removal)
   openssl-1.0.1e-13.el6.x86_64 (after undoing RHEL6 removal
   libtomcrypt-1.17-18.el6.x86_64

Getting gnupg +ECDSA pubkeys which are then parsed/verified remains
to be tested. The original pre-RFC6637 format has been implemented, but oid -> curve
parameter lookup is surely going to need de facto examples/tests.

There are example RFC 6637 keys/signatures here:
    http://code.google.com/p/gnupg-ecc/

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.