On 13.05.20 at 11:54, Damien Goutte-Gattat wrote:
> On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via
> Gnupg-users wrote:
>> RJH's answer sounds like a good piece of advice, but still, at the
>> end, we HAVE to choose which algorithm to use when creating new key
>> pairs.
>
> No you don’t.
>
> You can simply use `gpg --gen-key` and let GnuPG create a keypair with
> the default algorithm (which is currently RSA 2048). Only if you call
> GnuPG with the `--full-gen-key` command will you be asked to explicitly
> choose which type of key you want.
>
>> I am not sure I fully grasp the consequences of this... Does that
>> mean that, if I use Curve 25519, some people won't be able to use my
>> public key to encrypt stuff?
>
> If their software does not support Curve 25519, yes.
>
>> Or does that mean that some people won't be able to read or verify
>> stuff that I encrypt and sign?
>
> You encrypt messages to your correspondents with *their* public keys, so
> the type of *your* key does not matter for that purpose. But they won’t
> be able to verify your signatures.
>
>> Would it be because they use older versions or because some software
>> programs don't implement Curve 25519?
>
> Yes. That being said, most modern implementations do seem to support
> curve 25519. As far as I know, it is supported at the very least by
>
> * GnuPG (≥ 2.1)
> * OpenPGP.js
> * Sequoia-PGP
> * RNP
>
> … which should already cover most of the OpenPGP user base. Of note, it
> is *not* supported by Symantec PGP, though [1].
>
>> I guess that Curve 25519 is mentioned in the IETF standard, isn't it?
>
> Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are
> part of the standard (since RFC 6637). The first mention of Curve 25519
> for OpenPGP was in a draft by Werner in 2014 [2]. The draft never made
> it to an RFC but the 25519 curve is now part of the draft for RFC4880bis,
> the next revision of the OpenPGP standard [3].
>
> - Damien
>
> [1] https://knowledge.broadcom.com/external/article/175932/encryption-desktop-cannot-import-ecc-pgp.html
> [2] https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-00
> [3] https://gitlab.com/openpgp-wg/rfc4880bis

Thanks a lot for all these explanations. It's very useful and
instructive. I appreciate your patience towards my dummy questions..! :)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
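
Added example, not part of the original thread and not GnuPG code: a small Python reader for binary (non-armored) OpenPGP data that reports each v4 public key's algorithm and curve, and whether it falls within RFC 4880 / RFC 6637 or relies on the 25519 curves that the thread says are only in the rfc4880bis draft. The function names and the `SAMPLE` bytes are constructed for illustration; algorithm IDs 18 and 19 and the NIST OIDs are from RFC 6637, while ID 22 and the two 25519 OIDs are from the drafts cited above.

```python
RFC6637_CURVES = {"2a8648ce3d030107": "NIST P-256",    # curve OIDs, hex-encoded
                  "2b81040022": "NIST P-384", "2b81040023": "NIST P-521"}
DRAFT_CURVES = {"2b06010401da470f01": "Ed25519",       # EdDSA (rfc4880bis draft)
                "2b060104019755010501": "Curve25519"}  # ECDH (rfc4880bis draft)
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
KEY_TAGS = {6: "primary", 14: "subkey"}

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not supported")
        else:                               # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def key_algorithms(data):
    """Return [(role, algorithm, curve, in_rfc4880_or_rfc6637)] for v4 public keys."""
    found = []
    for tag, body in packets(data):
        if tag not in KEY_TAGS or len(body) < 7 or body[0] != 4:
            continue
        algo, curve, standard = body[5], None, body[5] in (1, 16, 17)  # RFC 4880
        if algo in (18, 19, 22):            # ECC: one-octet OID length, then OID
            oid = body[7:7 + body[6]].hex()
            curve = RFC6637_CURVES.get(oid) or DRAFT_CURVES.get(oid, "unknown")
            standard = algo != 22 and oid in RFC6637_CURVES
        found.append((KEY_TAGS[tag], ALGOS.get(algo, str(algo)), curve, standard))
    return found

# Constructed sample: Ed25519 primary (old header) + Curve25519 subkey (new header); zero filler as key material.
SAMPLE = (bytes.fromhex("9833" "04" "00000000" "16" "09" "2b06010401da470f01") + bytes(35)
          + bytes.fromhex("ce34" "04" "00000000" "12" "0a" "2b060104019755010501") + bytes(35))
```

Calling `key_algorithms()` on the output of `gpg --export KEYID` flags any key or subkey whose last field is `False`, meaning a correspondent limited to the published standard may be unable to encrypt to it or verify its signatures.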