On Wed, 13 May 2020 10:54, Damien Goutte-Gattat said: > Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are > part of the standard (since RFC 6637). The first mention of Curve
RFC-6637 allows for arbitrary curves because curves are specified using an ASN.1 OID. So for example the Brainpool curves can as well be used. The problem is similar to using RSA (which was optional in the old OpenPGP specs) or to use large RSA keys or even RSA keys which odd lengths on which some implementations choke. For a public key algorithm we unfortunately can't use the preference system. The worst thing which can happen to a user is that they can't verify a signature or encrypt to a key. But there are no backward compatibility issues related to data etc. > 25519 for OpenPGP was in a draft by Werner in 2014 [2]. The draft > never made it to a RFC but the 25519 curve is now part of the draft For Ed25519 we actually added a new algorithm id so that it is indeed not covered by RFC-6637. Anyway, the two Curve22519 algorithms (ed25519 for signing, and cv25519 for encryption) are available in GnuPG as "future-default". Given that older GnuPG versions reached end-of-life 2.5 years ago I consider it okay to change the default and create new keys using ed25519/cv25519. GnuPG master, which will eventually be 2.3, uses them as default. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users