Re: How to batch generate ECC key

2017-12-29 Thread Daniel Kahn Gillmor
On Fri 2017-12-29 01:18:27 +0100, Rezart Qelibari für GnuPG wrote:

> I want to batch generate a key using an ECC algorithm using the following 
> command:  
>
> $ cat config.txt | gpg --batch --generate-key

for modern gnupg, i think what you want is:

   gpg --quick-gen-key 'alice ' ed25519

and then, taking the generated fingerprint as $FPR, do:

   gpg --quick-add-key $FPR cv25519 encrypt

this is documented in the gpg(1) man page.

Normally, i'd just have suggested to use just quick-gen-key's
"futuredefault", but i just ran into:

   https://dev.gnupg.org/T3655

while testing, so i'm giving you the more complicated version here..

hth,

 --dkg


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: How to batch generate ECC key

2017-12-29 Thread Werner Koch
On Fri, 29 Dec 2017 16:53, gnupg-kont...@rezart.qelibari.de said:
> Thank you so much! This did the trick! I am very impressed.

I just added a mapping from the displayed names to the canonical names.
Thus with the next release (2.2.5) "ed25519" and "cv25519" should work.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: How to batch generate ECC key

2017-12-29 Thread Rezart Qelibari für GnuPG
Thank you so much! This did the trick! I am very impressed.

I don’t want to bother you too much, but maybe you can answer me the two 
follow-up questions:

- How did you find out the protocol names, especially the upper case „E“ of 
„Ed25519“ and that „cv25519“ is actually named „Curve25519“? Although „gpg 
--expert --full-generate-key“ correctly states  „Curve 25519“, „gpg -k“ still 
yields „cv25519“. I find this behaviour very strange and unwise.

- Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“) not work?

In both cases I looked up both gpg and libgcrypt documentations and found no 
hint on that behaviour at all.

On 29. December 2017 at 15:16:07, Kristian Fiskerstrand 
(kristian.fiskerstr...@sumptuouscapital.com) wrote:

try:  
$ cat config.txt  
Key-Type: eddsa  
...


Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
On 12/29/2017 04:53 PM, Rezart Qelibari für GnuPG wrote:
> - How did you find out the protocol names, especially the upper case „E“
> of „Ed25519“ and that „cv25519“ is actually named „Curve25519“? Although
> „gpg --expert --full-generate-key“ correctly states  „Curve 25519“, „gpg
> -k“ still yields „cv25519“. I find this behaviour very strange and unwise.

The short answer is libgcrypt's cipher/ecc-curves.c , see line 45/46 for
mapping of shortnames to OIDs. Now, I agree this should at least be
case-insensitive, but there might be a feature request open for that
already :)

> 
> - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“)
> not work?

Algorithm IDs are not directly tied to curves, so that would be more
related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs.

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If you are successful, you may win false friends and true enemies.
Succeed anyway."
(Mother Teresa)





Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
On 12/29/2017 01:18 AM, Rezart Qelibari für GnuPG wrote:
> Does anyone know what exactly goes wrong here?

try:
$ cat config.txt
Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Passphrase: somepassword
Name-Real: Some Real Name
Name-Email: m...@example.com
Creation-Date: 20170801T18
Expire-Date: 0
%commit


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Cogito ergo sum
I think, therefore I am



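Added example (not part of the original thread, and not GnuPG's own code): a POSIX shell version of the unattended generation discussed in this message, which maps the names shown by `gpg -k` to the curve names that worked in the parameter file before piping the parameters to gpg. The function names, the home-directory argument and the sample address are assumptions; `Creation-Date` is left out so gpg uses the current time.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Map the names displayed by `gpg -k` to the names the thread reports as
# accepted in a batch parameter file. Other curve names pass through unchanged.
canon_curve() {
    case "$1" in
        ed25519|Ed25519)    echo Ed25519 ;;
        cv25519|Curve25519) echo Curve25519 ;;
        *)                  echo "$1" ;;
    esac
}

# Emit the parameter file on stdout so the passphrase never lands on disk.
# $1 = real name, $2 = email, $3 = signing curve, $4 = encryption curve.
write_params() {
    cat <<EOF
Key-Type: eddsa
Key-Curve: $(canon_curve "$3")
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: $(canon_curve "$4")
Subkey-Usage: encrypt
Passphrase: somepassword
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
}

# Generate the key in the given home directory and print its fingerprint.
# $1 = GnuPG home directory (created with mode 700 if missing), $2..$5 as above.
generate_key() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 127; }
    mkdir -p -m 700 "$1" || return 1
    write_params "$2" "$3" "$4" "$5" |
        gpg --homedir "$1" --batch --generate-key || return 1
    gpg --homedir "$1" --batch --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage (constructed values):
#   generate_key "$HOME/test-gnupg" 'Some Real Name' 'user@example.org' ed25519 cv25519
```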


How to batch generate ECC key

2017-12-29 Thread Rezart Qelibari für GnuPG
Hi *,

I want to batch generate a key using an ECC algorithm using the following 
command:  

$ cat config.txt | gpg --batch --generate-key

config.txt contains the following:  

Key-Type: eddsa  
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Passphrase: somepassword
Name-Real: Some Real Name
Name-Email: m...@example.com
Creation-Date: 20170801T18
Expire-Date: 0
%commit

But I always receive the following error:  

gpg: agent_genkey failed: Unknown elliptic curve  
gpg: key generation failed: Unknown elliptic curve

I already tried changing the key type to 22 or 18. Strangely this only happens 
with ed25519 or cv25519 curves while it works for nist p 256 as shown here:
https://askubuntu.com/questions/861978/unattended-gnupg-key-generation-for-ecc/861985

Does anyone know what exactly goes wrong here?
I am using gpg 2.2.4 and libgcrypt 1.8.2.

Best
Rezart
