Mailing List Archive

About support of RFC 2437, 4056 and 6979
Hi all.

Does GnuPG support OAEP for RSA (PKCS#1 v2 and RFC 2437), RSA-PSS (RFC 4056?), or deterministic usage of (EC)DSA (RFC 6979)?

And if GnuPG does support RFC 6979, would it also work with (EC)DSA private keys stored on OpenPGP cards which support (EC)DSA algorithms?


Best Regards,

Persmule

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: About support of RFC 2437, 4056 and 6979 [ In reply to ]
On Sat, 20 Jul 2019 10:07, persmule@hardenedlinux.org said:

> Does GnuPG support OAEP for RSA (PKCS#1 v2 and RFC 2437), RSA-PSS (RFC

gpg does not support this because OpenPGP requires pkcs-1.5. There are
no plans to change this because there is not real world issue with
pcsc-15. when using in the way OpenPGP uses it.

> 4056?), or deterministic usage of (EC)DSA (RFC 6979)?

That is an implementation detail: gpg uses rfc-6979 since version 2.0.23
when it requires the use of Libgcrypt 1.6 implements this feature.

> And if GnuPG does support RFC 6979, would it also work with (EC)DSA
> private keys stored on OpenPGP cards which support (EC)DSA algorithms?

Yes for on-disk keys. For cards it depends on the specific card. Note
that we suggest the use of EdDSA with Curve25519 instead of ECDSA.


Shalom-Salam,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.