Hi,
I’m trying to import an ECC-Key to Nitrokey Storage via the “keytocard”-command and it gives me:
"gpg: keytocard failed: invalid value "
Here is my setup:
ECC-Key: edd25519
gpg version: 2.2.4
Nitrokey-Firmware: 0.51
Importing the same key with the same setup works flawlessly with a Nitrokey Start, so I assume that there might be a problem with ECC/Storage?
Any Ideas ?
Niklas
The last Nitrokey Storage uses OpenPGP Card v3.3 (that is the last available version). Furthermore OpenPGP Card v3.3 supports only brainpool and nist curves. BTW Previous OpenPGP cards don’t support ECC at all.
Can you show the “gpg --card-status” output in order to confirm the OpenPGP card version?
ciao
luigi
Hi Luigi,
you are right, I’m using V3.3 : I thought that Nitrokey Storage also supports the edd25519-curves as the Nitrokey Start does, but obviously that’s wrong.
Possibly a newbie-question but: could a NK-Storage firmware upgrade also upgrade the OpenPGP-version so that I could import his ECC-keys?
Or is there a time schedule when NK-Storage will be available with ECC-capabilities?
Greetings
No. The OpenPGP part is forwarded to OpenPGP Card. The Nitrokey Storage/Pro acts just like a smartcard reader and you cannot add new key types support by firmware update.
If you haven’t any problem with NSA or CIA, you can use nist curves that are also supported by ssh.
My actual use case:
My Master Key is an RSA-4096 and is stored on a cold storage, paper and a vanilla OpenPGP card. I use the master key only to sign other keys and signing speed is not an issue.
The main trouble is that Poldi doesn’t support ECC curves yet and you should use RSA Authentication Key to authenticate (slow but secure).
I will suppose to switch to a full ECC in the next 2 years when:
Until the next 2 years. Nitrokey Pro/Storagre with OpenPGP card (V2.1+) is a perfect everyday companion for me.
ciao
luigi
Sorry for the noise. You can follow the support status here:
Curve25519 for Zeitcontrol card
Now it is just blank…
ciao
luigi
