Technical Inquiry: ECC Import Support (Ed25519/Brainpool)

Hello everyone,

I am using the flexSecure Java Card Implant and I am trying to set up a GPG key structure that allows for external key import (to maintain a cold-storage backup).

I have successfully configured the card with RSA-4096. I was able to change the key attributes and successfully import an externally generated RSA-4096 key to the card. This confirms that the installed SmartPGP applet is likely the “Large” version with sufficient buffer size.

However, my goal is to use ECC (preferably Ed25519), but I am facing the following issues:

Ed25519 (Curve 25519):

When attempting to change the key attributes (key-attr) to Ed25519 (Curve 25519) in GnuPG, the card does not accept the attribute change at all. It seems this curve might be disabled in the pre-installed applet build.

Brainpool P-256:

I can successfully set the key attributes to brainpoolP256r1.

On-card generation works perfectly.

Importing an externally generated Brainpool key fails with the error: gpg: key operation not possible: Invalid value.

My Question:

Does the specific SmartPGP build pre-installed on the flexSecure support the import of ECC keys (specifically Ed25519 or Brainpool)? Since I rely on having a physical backup of my keys, on-card generation is not an option for me.

Is there a specific configuration or workaround to enable Ed25519 support or fix the Brainpool import issue?

Thank you for your assistance.

Best regards

2 Likes

If I’m not mistaken, the P71 chip in the flexSecure doesn’t support Ed25519.

I believe Brainpool is supported, but if you are importing keys you will likely need to use the smartpgp-cli tool here first: GitHub - github-af/SmartPGP: SmartPGP is a JavaCard implementation of the OpenPGP card specifications

e.g., smartpgp-cli switch-bp256/switch-bp384/switch-bp512 -p [adminpin]

4 Likes

@ashsh is correct: the P71 chip in the Apex and flexSecure implants uses Java Card 3.0.5, which predates support for Ed25519 (and other named curves). Brainpool should be supported for key lengths up to 640 bits (more than enough for brainpoolP256r1). I’ve never tried generating or importing any Brainpool keys, though.

Here are some other posts that discuss it in more detail:

Here is the public security policy that NXP submitted to NIST for the P71D600 (a newer variant of the P71 that runs JCOP 4.5 instead of JCOP 4)

It covers all of the algorithms supported, and it explicitly mentions support for brainpoolP256r1 key generation. The section on ECKey Session (page 29/30) explicitly mentions the ability to import P-256 public keys, and the table on page 56/57 says “Entered during manufacturing/personalization or imported in secure channel specified by GP-AMD-I” with regard to APP-ECC-RT-PRIV_KA. Those capabilities are based on the SEMS Lite applet developed by NXP, though.

I also found the Security Target documentation for the P71 JCOP 4, and while it does generally seem to support importing keys, I didn’t see anything explicit about P-256/braintrust256.

4 Likes
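
Added example (not part of the thread, and not SmartPGP or GnuPG code): a Python decoder for the OpenPGP card algorithm-attributes data objects (tags C1/C2/C3), for confirming which curve and import format a key slot reports after a key-attr change or a smartpgp-cli switch. The byte layout and OIDs follow the OpenPGP card 3.x specification; the sample byte strings are constructed, not read from a flexSecure.

```python
# Added example: decode OpenPGP card algorithm attributes (DOs C1/C2/C3).
ALGO_IDS = {0x01: "RSA", 0x12: "ECDH", 0x13: "ECDSA", 0x16: "EdDSA"}
CURVES = {  # curve OIDs as DER content bytes (no tag, no length)
    bytes.fromhex("2b2403030208010107"): "brainpoolP256r1",
    bytes.fromhex("2b240303020801010b"): "brainpoolP384r1",
    bytes.fromhex("2b240303020801010d"): "brainpoolP512r1",
    bytes.fromhex("2a8648ce3d030107"): "nistp256",
    bytes.fromhex("2b06010401da470f01"): "ed25519",
}
ECC_IMPORT = {0x00: "private key only", 0xFF: "private key with public key"}
RSA_IMPORT = {0: "standard (e, p, q)", 1: "standard with modulus",
              2: "CRT", 3: "CRT with modulus"}


def oid_to_dotted(raw: bytes) -> str:
    """Render an OID that is not listed in CURVES in dotted notation."""
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("truncated OID")
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_attributes(data: bytes) -> dict:
    if not data or data[0] not in ALGO_IDS:
        raise ValueError("missing or unknown algorithm id")
    algo, body = ALGO_IDS[data[0]], data[1:]
    if algo == "RSA":
        if len(body) != 5:
            raise ValueError("RSA attributes must be 6 bytes long")
        return {"algo": algo,
                "modulus_bits": int.from_bytes(body[0:2], "big"),
                "exponent_bits": int.from_bytes(body[2:4], "big"),
                "import_format": RSA_IMPORT.get(body[4], "unknown")}
    # The import-format byte is optional. A valid OID never ends in a byte
    # with the high bit set, so a trailing 0xFF is always the format byte;
    # a trailing 0x00 is only treated as one when the rest is a known curve.
    fmt = None
    if body[-1:] == b"\xff" or (body[:-1] in CURVES and body[-1:] == b"\x00"):
        body, fmt = body[:-1], body[-1]
    if not body:
        raise ValueError("no curve OID present")
    curve = CURVES.get(body) or oid_to_dotted(body)
    return {"algo": algo, "curve": curve,
            "import_format": ECC_IMPORT.get(fmt, "not stated")}
```

The decoder only reports what the attribute bytes say; whether the applet then accepts an import in that format is a separate question the card answers.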