ECC curves used in gnupg?

Michael Anders micha137 at
Wed Dec 18 09:21:33 CET 2013

On Tue, 2013-12-17 at 13:01 -0600, Anthony Papillion wrote:
> I know that gnupg is experimenting with ECC and I'm wondering which
> curves the team has decided to use. I know there are some curves that
> are now suspected of being tainted by the NSA through NIST. Has the
> gnupg team ruled using those curves out?

Wouldn't it be nice to include ecc curves up to 1024 bit(ecc brainpool
gives you 512 bit at most, maryland 521). 
I calculated the parameters last year(no ties to maryland) and they are
free for noncommercial use ;-)

They can be found here:

In the ECC software "Academic Signature" -which contains a minimalistic
GnuPG GUI by the way- you can check their sanity, including the MOV

There has been a thread on insecure GnuPG defaults lately. (SHA1
hmmmm....) Please keep in mind that (to my knowledge) maryland does
allow the export of ecc software up to 256 bit if in the "interest of
national security". So why not exclude bit sizes smaller than 256 from
the very beginning.


More information about the Gnupg-users mailing list