On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via Gnupg-users wrote:
RJH's answer sounds like a good piece of advice, but still, at the end, we HAVE to to choose which algorithm to use when creating new key pairs.
No you don’t.You can simply use `gpg --gen-key` and let GnuPG create a keypair with the default algorithm (which is currently RSA 2048). Only if you call GnuPG with the `--full-gen-key` command will you be asked to explicitly choose which type of key of want.
I am not sure to fully grasp the consequences of this... Does that mean that, if I use Curve 25519, some people won't be able to use my public key to encrypt stuff?
If their software does not support Curve 25519, yes.
Or does that mean that some people won't be able to read or verify stuff that I encrypt and signs?
You encrypt messages to your correspondants with *their* public keys, so the type of *your* key does not matter for that purpose. But they won’t be able to verify your signatures.
Would it be because they use older versions or because some software programs don't implement Curve 25519?
Yes. That being said, most modern implementations do seem to support curve 25519. As far as I know, it is supported at the very least by
* GnuPG (≥ 2.1) * OpenPGP.js * Sequoia-PGP * RNP… which should already cover most of the OpenPGP user base. Of note, it is *not* supported by Symantec PGP, though [1].
I guess that Curve 25519 is mentioned in the IETF standard, isn't it?
Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are part of the standard (since RFC 6637). The first mention of Curve 25519 for OpenPGP was in a draft by Werner in 2014 [2]. The draft never made it to a RFC but the 25519 curve is now part of the draft for RFC4880bis, the next revision of the OpenPGP standard [3].
- Damien[1] https://knowledge.broadcom.com/external/article/175932/encryption-desktop-cannot-import-ecc-pgp.html
[2] https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-00 [3] https://gitlab.com/openpgp-wg/rfc4880bis
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
