12

I acquired a Yubikey Neo last month. Now I want to use the Smart-Card functionality for PGP. I followed the official guides on the Yubico Website tested it with 2048 RSA Keys and it worked fine. But if I would lose the Key I would have a Problem, because the main private key was solely stored on the Yubikey. So I tried another approach. I created a key on my Computer and used it to generate three subkeys, one for signing, one for authentication and one for encryption. Then I moved the three subkeys on the Yubikey. I wanted to store my Master Key in a safe place and wanted the Yubikey for daily use. I used RSA 4096 for my Master key and RSA 2048 for the subkeys because the Yubikey does not support greater keys. This worked as well.

Question:

GPG supports ECC in newer versions. Is it possible to create a Master key using ECC instead of RSA (Subkeys would still be RSA) and will I be able to communicate with other people (using my subkeys) who use systems that don't yet support ECC? And will they be able to sign my Key and I theirs without problems?

Jonathan Cross
  • 1,548
  • 1
  • 12
  • 25
Max
  • 178
  • 1
  • 7
  • 1
    FYI: Yubikey now [supports 4096 bit keys](https://www.yubico.com/2015/12/yubikey-4096-you-asked-we-delivered/). – Jonathan Cross Feb 19 '16 at 16:11
  • @JonathanCross only the YukiKey 4 which is not available with NFC. So if you want to use your GPG keys on your phone/tablet, you have to stay with the NEO and 2048bit – Josef Jul 04 '16 at 09:27

1 Answers1

8

First of all, be aware that the Yubikey does not support ECC keys (but I don't read from your question that you assumed that).

If you use an ECC primary key, others using older implementations of GnuPG not supporting ECC keys (thus, everything before GnuPG 2.1) will not be able to verify your primary key nor signatures issued by you, as it does not understand the new algorithms. So all in all, people running pre-ECC-versions of GnuPG will be able to

  • sign your key
  • receive messages encyrpted by you (your key is not involved at all)
  • send signed messages to you (your key is not involved at all)

but not be able to

  • verify signatures/certifications issued by you
  • validate your key (which includes verifying a self-signature)
  • verify signatures issued by your RSA subkey, as the subkey's binding signature must be validated before
  • send encrypted messages to an ECC encryption subkey
  • send encrypted messages to an RSA encryption subkey, as the subkey's binding signature must be validated before

Signing your key is possible, as no cryptography with your public key must be performed, but the signee is just calculating a signature (using his own key) over your key's fingerprint.

PS: I verified those operations between GnuPG 1.4 and 2.1, as I had some expectations, but was not sure whether GnuPG actually meets them.

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
  • Okay thanks. So I guess I will keep using RSA for some time and wait till ECC is more commonly used. – Max Aug 11 '15 at 10:43
  • 1
    FYI: The new [YubiKey 4](https://www.yubico.com/products/yubikey-hardware/) supports ECC keys. But [the OpenPGP applet is not Open Source](http://security.stackexchange.com/questions/122959/is-the-openpgp-implementation-of-the-yubikey-4-open-source) as it was in the older NEO devices :-( – Jonathan Cross Jun 07 '16 at 22:23
  • @JonathanCross [The YubiKey 4 documentation](https://www.yubico.com/wp-content/uploads/2016/02/Yubico_YubiKey4YubiKey4Nano_ProductSheet_Feb2016.pdf) only claims ECC support for [PIV](http://csrc.nist.gov/groups/SNS/piv) functionality, not PGP. – Lawrence Velázquez Jun 10 '16 at 21:37
  • @LawrenceVelázquez Interesting, thanks. The 2 other docs I was looking at: [article about the OpenPGP applet and FOSS](https://www.yubico.com/2016/05/secure-hardware-vs-open-source/) and [product overview page](https://www.yubico.com/products/yubikey-hardware/) - gave me the impression they were ECC OpenPGP keys as the "(PIV)" part is omitted. – Jonathan Cross Jun 10 '16 at 22:32
  • 1
    Looking at my YubiKey Neo 4 through `gpg2 --card-edit`, it says `Version ..........: 2.1`. ECC support was not added to the [protocol specification](https://g10code.com/p-card.html) before version 3.0, thus the YubiKey Neo 4 should not support ECC for OpenPGP. I wasn't able to create any non-RSA keys on the YubiKey using GnuPG 2.1, either. – Jens Erat Jun 11 '16 at 17:48
  • @JensErat What do you mean when you say that pre-2.1 GnuPG can’t “verify” ECC primary keys? I know what _signature_ verification is (I think I do, at least), but not _key_ verification. – Lawrence Velázquez Jun 14 '16 at 21:16
  • 1
    This would have better been _validating_ (I changed that now), but sometimes people also use the term _verifying_ for keys. Validating OpenPGP keys means nothing else than verifying the certifications (signatures) on it. This usually includes self-certificates from your own key on your own key, and at the latest at this point GnuPG pre-2.1 will fail at validating the key. – Jens Erat Jun 15 '16 at 07:07
  • If the encryption/signing subkeys are generated as RSA, shouldn't those functions still work with older implementations? I thought the idea was that you'd use the public half of the subkeys for those operations. – user8675309 Dec 05 '17 at 15:29
  • Without being able to use the primary key, implementations will not be able to validate whether a subkey actually belongs to the primary key (technically, the primary key issues a certification on the subkey to prove the relationship). – Jens Erat Dec 08 '17 at 07:42
  • 3
    ECC support has been added to YubiKeys in firmware version 5.2.3. https://support.yubico.com/support/solutions/articles/15000027139-yubikey-5-2-3-enhancements-to-openpgp-3-4-support – steinybot Apr 19 '20 at 03:52