Re: How to batch generate ECC key
On Fri 2017-12-29 01:18:27 +0100, Rezart Qelibari für GnuPG wrote: > I want to batch generate a key using an ECC algorithm using the following > command: > > $ cat config.txt | gpg —-batch —generate-key for modern gnupg, i think what you want is: gpg --quick-gen-key 'alice' ed25519 and then, taking the generated fingerprint as $FPR, do: gpg --quick-add-key $FPR cv25519 encrypt this is documented in the gpg(1) man page. Normally, i'd just have suggested to use just quick-gen-key's "futuredefault", but i just ran into: https://dev.gnupg.org/T3655 while testing, so i'm giving you the more complicated version here.. hth, --dkg signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to batch generate ECC key
On Fri, 29 Dec 2017 16:53, gnupg-kont...@rezart.qelibari.de said: > Thank you so much! This did the trick! I am very impressed. I just added a mapping from the displayed names to the canonical names. Thus with the next release (2.2.5) "ed25519" and "cv25519" should work. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpaU2wQeH_OE.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to batch generate ECC key
Thank you so much! This did the trick! I am very impressed. I don’t want to bother you too much, but maybe you can answer me the two follow-up questions: - How did you find out the protocol names, especially the upper case „E“ of „Ed25519“ and that „cv25519“ is actually named „Curve25519“? Although „gpg --expert --full-generate-key“ correctly states „Curve 25519“, „gpg -k“ still yields „cv25519“. I find this behaviour very strange and unwisely. - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“) not work? In both cases I looked up both gpg and libgcrypt documentations and found no hint on that behaviour at all. On 29. December 2017 at 15:16:07, Kristian Fiskerstrand (kristian.fiskerstr...@sumptuouscapital.com) wrote: try: $ cat config.txt Key-Type: eddsa ...___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to batch generate ECC key
On 12/29/2017 04:53 PM, Rezart Qelibari für GnuPG wrote: > - How did you find out the protocol names, especially the upper case „E“ > of „Ed25519“ and that „cv25519“ is actually named „Curve25519“? Although > „gpg --expert --full-generate-key“ correctly states „Curve 25519“, „gpg > -k“ still yields „cv25519“. I find this behaviour very strange and unwisely. The short answer is libgcrypt's cipher/ecc-curves.c , see line 45/46 for mapping of shortnames to OIDs. Now, I agree this should at least be case-insensitive, but there might be a feature request open for that already :) > > - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“) > not work? Algorithm IDs are not directly tied to curves, so that would be more related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "If you are successful, you may win false friends and true enemies. Succeed anyway." (Mother Teresa) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to batch generate ECC key
On 12/29/2017 01:18 AM, Rezart Qelibari für GnuPG wrote: > Does anyone know what exactly goes wrong here? try: $ cat config.txt Key-Type: eddsa Key-Curve: Ed25519 Key-Usage: sign Subkey-Type: ecdh Subkey-Curve: Curve25519 Subkey-Usage: encrypt Passphrase: somepassword Name-Real: Some Real Name Name-Email: m...@example.com Creation-Date: 20170801T18 Expire-Date: 0 %commit -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Cogito ergo sum I think, therefore I am signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
How to batch generate ECC key
Hi *, I want to batch generate a key using an ECC algorithm using the following command: $ cat config.txt | gpg —-batch —generate-key config.txt contains the following: Key-Type: eddsa Key-Curve: ed25519 Key-Usage: sign Subkey-Type: ecdh Subkey-Curve: cv25519 Subkey-Usage: encrypt Passphrase: somepassword Name-Real: Some Real Name Name-Email: m...@example.com Creation-Date: 20170801T18 Expire-Date: 0 %commit But I always receive the following error: gpg: agent_genkey failed: Unknown elliptic curve gpg: key generation failed: Unknown elliptic curve I already tried changing the key type to 22 or 18. Strangely this only happens with ed25519 or cv25519 curves while it works for nist p 256 as shown here: https://askubuntu.com/questions/861978/unattended-gnupg-key-generation-for-ecc/861985 Does anyone know what exactly goes wrong here? I am using gpg 2.2.4 and libgcrypt 1.8.2. Best Rezart ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users