Hello,

I am using a Yubikey 5C NFC with OpenPGP Version 3.4 Applet and an `ed25519` curve signing key. I'm attempting to create `EdDSA` Algorithm JWTs using GnuPG tooling, but I've encountered some difficulties.

I've used `gpg-connect-agent` to interact with my Smart Card through a low-level API, as shown in the following commands:

```
RESET
SCD READKEY OPENPGP.1
SCD SETDATA $MY_ARBITRARY_DATA
SCD PKSIGN --hash=sha512 OPENPGP.1
```

I can sign arbitrary data with some limitations, and the successful output looks like:

```
OK
D (10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@?m�7;��5%0A�A�2v��o�s��ρ��pE�g9)))
OK
OK
D @������;�\���T�t�%25���kLJ �Ku�Q[��~���L��#V%0D;Gp/@�J�
OK
```

I have a few questions about this process:

1. Is it feasible to use `gpg-connect-agent` and the `SCD *` operations for my goal? Are there any alternative approaches?
2. In the output, are the public key and signature encoded with S-Expression and MPI? How should I parse this output?
3. I receive an error when trying to `SCD PKSIGN` with data above 64 bytes: "ERR 100663351 Invalid value <SCD>". Is this a tooling limitation, or is there a way to sign arbitrary data? I can sign arbitrary data using `COMPUTE DIGITAL SIGNATURE` with direct APDU communication to the Smart Card.

Thank you for your help!

Kind regards,
Yigitcan
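Added example, not part of the original post and not GnuPG code: a Python sketch of decoding the two `D` lines shown above, undoing the Assuan `%XX` escaping and then walking the length-prefixed canonical S-expression to reach `q`. It assumes the bytes after `D ` are passed in unchanged, that the leading `@` (0x40) of `q` is a format prefix to strip, and that `PKSIGN` returns a raw 64-byte signature; all function names and the sample key are constructed for illustration.

```python
import base64
import re

def assuan_unescape(data: bytes) -> bytes:
    """Undo the %XX escaping Assuan applies to 'D' line payloads."""
    return re.sub(rb"%([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def parse_csexp(buf: bytes, pos: int = 0):
    """Parse one canonical S-expression; lists -> list, atoms -> bytes."""
    if buf[pos:pos + 1] == b"(":
        pos, items = pos + 1, []
        while buf[pos:pos + 1] != b")":
            item, pos = parse_csexp(buf, pos)   # raises ValueError at end of input
            items.append(item)
        return items, pos + 1
    colon = buf.index(b":", pos)                # atoms are <decimal length>:<raw bytes>
    if not buf[pos:colon].isdigit():
        raise ValueError("bad length prefix")
    end = colon + 1 + int(buf[pos:colon])
    if end > len(buf):
        raise ValueError("truncated atom")
    return buf[colon + 1:end], end

def find(sexp, name: bytes):  # first list whose leading atom is `name`, else None
    if not isinstance(sexp, list):
        return None
    if sexp[:1] == [name]:
        return sexp
    return next((hit for c in sexp if (hit := find(c, name))), None)

def ed25519_pubkey(d_payload: bytes) -> bytes:
    """Extract the 32-byte public key from a READKEY 'D' payload."""
    q = find(parse_csexp(assuan_unescape(d_payload))[0], b"q")[1]
    q = q[1:] if len(q) == 33 and q[0] == 0x40 else q   # assumed 0x40 format prefix
    if len(q) != 32:
        raise ValueError("unexpected q length")
    return q

def jws_signature(d_payload: bytes) -> str:
    """Unpadded base64url of the signature; assumes PKSIGN returns raw 64-byte R||S."""
    sig = assuan_unescape(d_payload)
    if len(sig) != 64:
        raise ValueError("expected 64-byte Ed25519 signature")
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

# Constructed sample: key bytes chosen to include \n, \r, '%', '(' and ')'.
SAMPLE_KEY = bytes(range(10, 42))
SAMPLE_D = (b"(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@" + SAMPLE_KEY + b")))"
            ).replace(b"%", b"%25").replace(b"\r", b"%0D").replace(b"\n", b"%0A")
```

The sample key deliberately contains parentheses and escaped bytes, which is why the atom lengths have to be honoured rather than splitting on delimiters.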