Message-ID: <392d28fa-7a2c-867a-5fbb-640064461eb7@maciej.szmigiero.name>
Date: Mon, 17 Jan 2022 21:59:22 +0100
To: Konstantin Ryabitsev
Cc: Roberto Sassu, dhowells@redhat.com, dwmw2@infradead.org, herbert@gondor.apana.org.au, davem@davemloft.net, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, ebiggers@kernel.org, "Jason A. Donenfeld"
References: <20220111180318.591029-1-roberto.sassu@huawei.com> <20220117165933.l3762ppcbj5jxicc@meerkat.local>
From: "Maciej S. Szmigiero"
Subject: Re: [PATCH 00/14] KEYS: Add support for PGP keys and signatures
In-Reply-To: <20220117165933.l3762ppcbj5jxicc@meerkat.local>
X-Mailing-List: linux-kernel@vger.kernel.org

On 17.01.2022 17:59, Konstantin Ryabitsev wrote:
> On Mon, Jan 17, 2022 at 03:34:54PM +0100, Jason A. Donenfeld wrote:
>> If you're looking for a simple signature mechanism to replace the use of
>> X.509 and all of that infrastructure, may I suggest just coming up with
>> something simple using ed25519, similar to signify or minisign? Very
>> minimal code in the kernel, in userspace, and very few moving parts to
>> break.
>
> I am concerned that ed25519 private key management is very rudimentary -- more
> often than not it is just kept somewhere on disk, often without any passphrase
> encryption.
>
> With all its legacy warts, GnuPG at least has decent support for hardware
> off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best
> we have with ed25519 is passphrase protection as implemented in minisign (and

I am not sure that I understood your point here correctly, but GnuPG
already supports ed25519 keys, including stored on a smartcard - for
example, on a YubiKey [1].

While the current software support for ed25519 might be limited, there is
certainly progress being made, RFC 8410 allowed these algos for X.509
certificates.
Support for such certificates is already implemented in OpenSSL [2].

ECDSA, on the other hand, is very fragile with respect to random number
generation at signing time.
We know that people got burned here in the past.

Thanks,
Maciej

[1]: https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements_to_OpenPGP_3.4.html
[2]: https://blog.pinterjann.is/ed25519-certificates.html