OpenPGP Card Application
Clone or download
cslashm Enhancement + bugfix

- full independant serial per slot
- EXIT instruction ('02') controlled by PW2
- remove code belonging  curves other than Ed25519/NISTP256
- fix io bug when APDU is 4 bytes lenght


- dual version XL/1slot. XL contains 3 key slots, normal only one.
  use "MULTISLOT=1 make" to compile XL version
- add exit rule


- update dev/user


- froce backup filename suffix: _slot<x>.pickle
- add --set_template option
- add --slot option
- rename --set-fp to  --set-fingerprints
Latest commit 8f841e7 Oct 10, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
doc Enhancement + bugfix Oct 10, 2018
glyphs 1.0 RC2 Mar 28, 2017
images reorg some image files Aug 30, 2017
pytools/gpgcard Enhancement + bugfix Oct 10, 2018
src Enhancement + bugfix Oct 10, 2018
LICENSE Initial commit Mar 21, 2017
Makefile Enhancement + bugfix Oct 10, 2018
Makefile.rules 1.2.0 code May 30, 2018 Reference the new documentation (try 2...) Aug 31, 2017
script.ld 1.4.1 firmware port Mar 13, 2018

GnuPG application: blue-app-gnupg

GnuPG application for Ledger Blue and Nano S

This application implements "The OpenPGP card" specification revision 3.0. This specification is available in doc directory and at .

The application supports:

  • RSA with key up to 4096 bits
  • ECDSA with secp256k1, secp256r1, brainpool 256r1 and brainpool 256t1 curves
  • EDDSA with Ed25519 curve
  • ECDH with secp256k1, secp256r1, brainpool 256r1, brainpool 256t1 and curve25519 curves

This release has known missing parts (see also Add-on) :

  • Ledger Blue support
  • Seed mode ON/OFF via apdu

Installation and Usage

See the full doc at


The GnuPG application implements the following addon:

  • serial modification
  • on screen reset
  • 3 independent key slots
  • seeded key generation

Technical specification is available at

Key slot

"The OpenPGP card" specification specifies:

  • 3 asymmetric keys : Signature, Decryption, Authentication
  • 1 symmetric key

The blue application allow you to store 3 different key sets, named slot. Each slot contains the above 4 keys. You can choose the active slot on the main screen. When installed the default slot is "1". You can change it in settings.

seeded key generation

A seeded mode is implemented in order to restore private keys on a new token. In this mode key material is generated from the global token seeded.

Please consider SEED mode as experimental.

More details to come...

On screen reset

The application can be reset as if it was fresh installed. In settings, choose reset and confirm.