Hi all, probably a newbie question: I have just been trying to create a curve 25519 subkey for encryption (I have already a RSA key for encryption-only and a c25519 for sign/auth). However, when going for the ECC encryption only fails always for me due to an invalid flag [1]? (gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on 4.2.8-300)
Actually, setting own capabilities for elliptic curves only offers
signing and authentification as switchable options but no encryption?
Maybe I did not get ECC correctly, but I assumed that ECC should in
general fit all three uses, or?
Cheers and thanks for ideas,
Thomas
[1]
gpg2 --homedir=/FOOPATH/gnupg --expert --edit-key 0xLONGMASTERID
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec ed25519/0xLONGMASTERID
created: 2016-01-07 expires: 2023-01-05 usage: SCA
trust: ultimate validity: ultimate
ssb rsa4096/0xLONGSUBID
created: 2016-01-07 expires: 2022-01-05 usage: E
ssb ed25519/0xLONGSUBID2
created: 2016-01-07 expires: 2022-01-05 usage: SA
[ultimate] (1). Thomas Hartmann <thomas.hartm...@desy.de>
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
Your selection? 12
Please select which elliptic curve you want:
(1) Curve 25519
(2) NIST P-256
(3) NIST P-384
(4) NIST P-521
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed Jan 5 17:06:52 2022 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag
gpg> save
Key not changed so no update needed.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
