top | item 46028517

(no title)

rkeene2 | 3 months ago

If you're willing to go a bit further you can also do GPG signing with ECDSA, though it requires a patched GPG due to bugs and a patched SSH agent that allows raw signing. We have a packaged version with a macOS UI [0], but the same backend [1] works on Linux using the tpm via PKCS#11.

We have a blog post on this, but I guess it was never made public, but the only difference between GPG and SSH is the way in which keys and signatures are wrapped and listed through the various layers -- it's all just fundamentally ECDSA with a named curve.

[0] https://github.com/KeetaNetwork/agent

[1] https://github.com/KeetaNetwork/agent/tree/main/Agent/gnupg/...

discuss

No comments yet.