On Thu, 12 Sep 2013 07:35, [email protected] said:

> GnuPG 2.1 (still currently in beta, afaict) is the first version to
> include ECC support for OpenPGP. the 2.0.x branch does not include ECC

Right. There are no plans to support it in older versions. 2.1 also has a feature to work without the pinentry, which should mitigate most concerns about switching to GnuPG-2. However, if at some time ECC would really take off, we might backport it to 1.4 if we could agree to change 1.4 to make use of Libgcrypt.

The ECC support is actually ready for use but in the light of the recent news it might make sense to change the default curves. Fortunately I insisted during the specification phase that the format allows OIDs to specify the curve and not just the few Suite-B curves.

The easiest way to switch to different curves would be the use of the somewhat slower Brainpool curves: We already have full support in Libgcrypt for them, thus changing it in GnuPG would be easy (it is mainly the key generation menu which maps desired key lengths to a curve).

There are two other developments which should be considered:

 - Andrey is working on a more compact representation of keys and signatures which doesn't violate the compression patent (which anyway expires mid next year).

 - I am thinking of switching to Curve25519 based algorithms. They have been developed by Dan Bernstein et al. and are considered a sound design. I am currently working on the implementation of the signature scheme in Libgcrypt.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
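
The curve OID field mentioned in the message above, shown as an added example that is not part of the original post and is not GnuPG or Libgcrypt code. It assumes the RFC 6637 layout for an ECC public key (one length octet, then the DER content octets of the OID); the function names, the lookup table and the sample bytes are constructed for illustration.

```python
# Added example: decode the curve OID field of an OpenPGP ECC public key.
# Layout assumed from RFC 6637: one length octet, then DER OID content octets.

# Constructed lookup table; names are for display only.
KNOWN_CURVES = {
    "1.2.840.10045.3.1.7": "NIST P-256",
    "1.3.132.0.34": "NIST P-384",
    "1.3.132.0.35": "NIST P-521",
    "1.3.36.3.3.2.8.1.1.7": "brainpoolP256r1",
    "1.3.36.3.3.2.8.1.1.11": "brainpoolP384r1",
    "1.3.36.3.3.2.8.1.1.13": "brainpoolP512r1",
}


def decode_oid(content: bytes) -> str:
    """Decode DER OID content octets (no tag, no length) to dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or unterminated OID")
    subids, value = [], 0
    for octet in content:
        value = (value << 7) | (octet & 0x7F)   # base-128, high bit = "more"
        if not octet & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]                           # packs the first two arcs
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(arc) for arc in (*head, *subids[1:]))


def parse_curve_field(buf: bytes) -> tuple:
    """Return (dotted OID, curve name or 'unknown', remaining bytes)."""
    if not buf:
        raise ValueError("missing curve OID length octet")
    size = buf[0]
    if size in (0x00, 0xFF):
        raise ValueError("reserved OID length value")
    if len(buf) < 1 + size:
        raise ValueError("curve OID field is truncated")
    oid = decode_oid(buf[1:1 + size])
    return oid, KNOWN_CURVES.get(oid, "unknown"), buf[1 + size:]


# Constructed sample: curve field for brainpoolP256r1 followed by two
# placeholder bytes standing in for the rest of the key material.
SAMPLE = bytes.fromhex("092b2403030208010107") + b"\x00\x00"

if __name__ == "__main__":
    print(parse_curve_field(SAMPLE))
```

Because the curve is carried as an OID rather than a fixed enumeration, a parser like this accepts a new curve by adding a table entry; an OID it does not recognise is still decoded and reported as unknown.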
