Private key storage in seed vs expanded key format for ML-KEM, ML-DSA #139
Assignees
Labels
duplicate
This issue or pull request already exists
Comments
|
This topic is already being tracked in #108. Regarding the private key format for smart cards, I think that their private key format does not necessarily have to conform with the general OpenPGP format. An OpenPGP seed private key could still be imported into a smart card that is using the expanded format. If the expanded key of the card also holds the seed (without using it internally) the key could even be exported to a "software" key again. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As I raised on the mailing list [1], I think there's a reasonable argument for limiting the storage format for post-quantum keys to the seed format rather than the, arguably more temperamental, expanded key format. I think LAMPS is going in the direction of seed-format-only so I think there is precendence that we can follow and go with the same approach. See [2] and [3]
There were some concerns about low-power devices/OpenPGP smart cards but I think it was decided that was not a huge concern or at least not a reason to have multiple key storage formats (but others are free to contradict me if it is :) ).
Happy to provide some assistance with writing/reviewing text on storage formats if it'll help.
[1] https://mailarchive.ietf.org/arch/msg/openpgp/2dg-DrWt4DgIoX8uTalCa-kzE38/
[2] randombit/botan#3893 (comment)
[3] randombit/botan#4270 (comment)
The text was updated successfully, but these errors were encountered: