Perhaps Nitrokey Start’s implementation is a bit different than described in OpenPGP v3.4 standard (I would guess it was written after initial v3.0/v3.1). I am not aware of any direct differences, but each device has its own driver in GnuPG/OpenSC implementation, where they could be investigated.
You could try to look into another OpenPGP v3.4 implementation, like:
I haven’t resolved the problem yet, but I believe i should be able to do it with your previous answers.
Regarding point 5 : I see that the return is really the point on the curve. So I have correctly set the command.
So in order to retrieve the share secret, I should only consider the r.x response for my result. Unfortunately, it isn’t equal to my Bob random, then I need to dig a little bit more.
I thought that my “Bob computation” was ok, but I will check again.
Regarding point 2 : Could you check the fixture, because AFAIU it only covers RSA decryption.
And very cosmetic point, I was not aware of Freshen, but since it is no more maintained I understand why. Have you already considered Aloe ? I moved from Lettuce to Aloe without noticeable troubles and you can export your results to xunit format.
Aren’t you stuck with python 2.x with freshen ?