GPG support?

[tupui]

Hi,

I was trying to play with a Yubikey to generate a Keypair. As far as I understand, it could be possible to do with a GPG key using the ED25519 curve. Ok, so I created such signing key, loaded that on the Yubikey and now I am trying to get this working with Keypair. Very roughly it could look like this:

import base64

import gnupg
from stellar_sdk import Keypair


key_id = "..."
passphrase = "..."

gpg = gnupg.GPG()


def sign_sk(self, data: bytes) -> bytes:
    res = gpg.sign(data, keyid=key_id, passphrase=passphrase, detach=True)
    if res.returncode != 0:
        raise SystemError()

    sig = b"".join(res.data.decode().split("\n")[2:5])[-1]
    return sig


def verify_sk(self, data: bytes, signature: bytes) -> None:
    # make PGP message
    ...
    res = gpg.verify(signature)
    if res.returncode != 0:
        raise SystemError()


public_key = "".join(gpg.export_keys(key_id).split("\n")[2:11])
public_key = base64.b64decode(public_key)

keys = Keypair.from_raw_ed25519_public_key(public_key.encode())
keys.sign = sign_sk
keys.verify = verify_sk

This does not work as there are some metadata around the public key and the signature.

You might know how to make this work @overcat?

(I tried to open a question on SO for the GPG/pynacl part... https://stackoverflow.com/questions/78704529/use-gpg-in-python-with-pynacl)

[overcat]

I apologize for the inconvenience, but I'm afraid I have too much on my plate at the moment to address this issue. It may take some time before I'm able to handle it.

BTW, I think there is another issue here. When GPG signs with ed25519, it processes the data using sha512, while the SDK uses sha256.

[tupui]

No worries at all.

Good info about the hashing algo, thanks. I did a quick search and seems like this can be changed
https://security.stackexchange.com/questions/90594/how-to-change-personal-cipher-digest-preferences-of-existing-openpgp-key-in-gnup