> The thing is, if I create an ECC (ECDSA) secp256k1 primary key with > Sign, Certify capabilities I can also create a subkey with E > capability which is also a secp256k1 key. So, they can be used for > encryption after all, so why can't I just add E capability to the > primary one.
You're confusing the field of numbers in which an algorithm operates with the algorithm itself. It's like confusing a sports car with a tour bus, thinking that since they run on the same roads they're interchangeable. secp256k1 is a certain field of numbers in which elliptical curve operations may be defined. It is not an algorithm. You do not have a secp256k1 key. You have an ECDSA key which operates in the curve defined by secp256k1. When you "create a subkey with E capability", you're creating an ECDH subkey operating in secp256k1. It's a completely different algorithm that happens to operate in the same numerical space. Different cars, different capabilities, same roads; different keys, different capabilities, same curve. ECDSA/EdDSA cannot encrypt. ECDH cannot sign or certify. Your primary key must be able to make certifications. So that means if you want to use ECC, your primary key must be ECDSA/EdDSA, and you will never be able to make it into an encryption-capable primary key.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
