Where is ECC in gpg2 (specifically gnupg-2.0.21

Roflcopter rookcifer at gmail.com
Tue Sep 17 20:23:56 CEST 2013

I second this motion.  After the recent revelations about NSA shenanigans
regarding NIST and with Bruce Schneier himself saying he is highly
suspicious of NIST curves, I think it behooves the OpenPGP standards group
to think about alternative curves.  Of course, some users of OpenPGP will
need NIST compliance, and that's fine.  It can still be included as long as
the rest of us (who don't like being played for fools) have alternatives

I don't think there is a better place to start than with djb's curve25519. 
It is faster than the NIST curves, can be shown to have "nothing up the
sleeve" and appears to be quite secure.  Djb even gave a talk a number of
years ago where he compared it to NIST curves and even raised his own
suspicions about how those curves were generated.  Moreover, djb has
provided a lot of reference implementations for it (with full C code) on his
site, thus implementation is more of a "will to do it" than a technical

It's good to see that Werner has already made the suggestion to implement
different curves.  Let's hope that the OpenPGP working group agrees with his
recommendation and that we can finally see (non-tampered with) ECC put into
use in Gnupg.

View this message in context: http://gnupg.10057.n7.nabble.com/Support-for-additional-ECC-Curves-in-GnuPG-gcrypt-tp32408p32563.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

More information about the Gnupg-users mailing list