diff --git a/trezor_agent/gpg/agent.py b/trezor_agent/gpg/agent.py
index ca23391..e1d3f9c 100644
--- a/trezor_agent/gpg/agent.py
+++ b/trezor_agent/gpg/agent.py
@@ -65,8 +65,7 @@ def open_connection(keygrip_bytes):
 
 def pksign(keygrip, digest, algo):
     """Sign a message digest using a private EC key."""
-    assert algo == b'8', 'Unsupported hash algorithm ID {}'.format(algo)
-    assert len(digest) == 64  # SHA-256 bits (in hex digits)
+    log.debug('signing %r digest (algo #%s)', digest, algo)
     keygrip_bytes = binascii.unhexlify(keygrip)
     with open_connection(keygrip_bytes) as conn:
         r, s = conn.sign(binascii.unhexlify(digest))
diff --git a/trezor_agent/gpg/device.py b/trezor_agent/gpg/device.py
index 56dad12..123f7f8 100644
--- a/trezor_agent/gpg/device.py
+++ b/trezor_agent/gpg/device.py
@@ -37,6 +37,9 @@ class HardwareSigner(object):
         """Sign the digest and return a serialized signature."""
         log.info('please confirm GPG signature on %s for "%s"...',
                  self.client_wrapper.device_name, self.user_id)
+        if self.curve_name == formats.CURVE_NIST256:
+            digest = digest[:32]  # sign the first 256 bits
+        log.debug('signing digest: %s', util.hexlify(digest))
         result = self.client_wrapper.connection.sign_identity(
             identity=self.identity,
             challenge_hidden=digest,