Re: Creating encryption subkey with C25519 fails [gpg2 2.1.9, libgcrypt 1.6.4]

2016-01-08 Thread Thomas Hartmann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Ah, OK

many thanks for the info!
I got confused with the option already available in gpg2 --expert

Cheers and thanks,
  Thomas

Am 07.01.2016 um 18:13 schrieb Kristian Fiskerstrand:
> On 01/07/2016 05:17 PM, Thomas Hartmann wrote:
>> Hi all,
> 
>> probably a newbie question: I have just been trying to create a 
>> curve 25519 subkey for encryption (I have already a RSA key for 
>> encryption-only and a c25519 for sign/auth). However, when going 
>> for the ECC encryption only fails always for me due to an
>> invalid flag [1]? (gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on
>> 4.2.8-300)
> 
> you need libgcrypt 1.7 (git master) for curve25519 encryption
> 
> 
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EARYKAAYFAlaPxjkACgkQxra5y5ss1GsWEQEAo91LaZILlsvLI5KQMsPPlNJU
PKj12rwdo/6Gkk8IZIcA/3+xlRLu8kQ//PE2zCMhwTkggDWljuLH98G1eFmJTmkE
=jG+G
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Creating encryption subkey with C25519 fails [gpg2 2.1.9, libgcrypt 1.6.4]

2016-01-07 Thread Thomas Hartmann 
Hi all,

probably a newbie question: I have just been trying to create a curve
25519 subkey for encryption (I have already a RSA key for
encryption-only and a c25519 for sign/auth). However, when going for the
ECC encryption only fails always for me due to an invalid flag [1]?
(gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on 4.2.8-300)

Actually, setting own capabilities for elliptic curves only offers
signing and authentification as switchable options but no encryption?

Maybe I did not get ECC correctly, but I assumed that ECC should in
general fit all three uses, or?

Cheers and thanks for ideas,
  Thomas

[1]
gpg2 --homedir=/FOOPATH/gnupg  --expert --edit-key 0xLONGMASTERID
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/0xLONGMASTERID
 created: 2016-01-07  expires: 2023-01-05  usage: SCA
 trust: ultimate  validity: ultimate
ssb  rsa4096/0xLONGSUBID
 created: 2016-01-07  expires: 2022-01-05  usage: E
ssb  ed25519/0xLONGSUBID2
 created: 2016-01-07  expires: 2022-01-05  usage: SA
[ultimate] (1). Thomas Hartmann 

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 12
Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Please specify how long the key should be valid.
 0 = key does not expire
= key expires in n days
  w = key expires in n weeks
  m = key expires in n months
  y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed Jan  5 17:06:52 2022 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag

gpg> save
Key not changed so no update needed.




Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users