Where is ECC in gpg2 (specifically gnupg-2.0.21

Werner Koch wk at gnupg.org
Fri Sep 13 08:52:47 CEST 2013

On Thu, 12 Sep 2013 07:35, dkg at fifthhorseman.net said:

> GnuPG 2.1 (still currently in beta, afaict) is the first version to
> include ECC support for OpenPGP.  the 2.0.x branch does not include ECC

Right.  There are no plans to support it in older versions.  2.1 also
has a feature to work without the pinentry, which should mitigate most
concerns about switching to GnuPG-2.  However, if at some time ECC would
really take off, we might backport it to 1.4 if we could agree to change
1.4 to make use of Libgcrypt.

The ECC support is actually ready for use but in the light of
the recent news it might make sense to change the default curves.
Fortunately I insisted during the specification phase that the format
allows OIDs to specify the curve and not just the few Suite-B curves.
The easiest way to switch to different curves would be the use of the
somewhat slower Brainpool curves: We have already full support in
Libgcrypt for them, thus changing it in GnuPG would be easy (it is
mainly the key generation menu which maps desired key lengths to a

There are two other developments which should be considered:

 - Andrey is working on a more compact representation of keys and
   signatures which don't violate the compression patent (which anyway
   expires mid next year).

 - I am thinking to switch to Curve25519 based algorithms.  They have
   been developed by Dan Bernstein et al. and are considered a sound
   design.  I am currently working on the implementation of the signature
   scheme in Libgcrypt.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list