Safe curves in gnupg?

Nat Tuck nat at
Tue Feb 18 01:17:41 CET 2014

Apparently GNUPG has recently added elliptic curve support. This is really
important, since the safe RSA key size (2048) is pretty big, and the verys
afe RSA key size (2048) is a bit too big to be reasonable (you can't
include it in a signature, for example).

Unfortunately, it looks like the OpenPGP standard specifies the
NSA-produced elliptic curves. Given the recent situation with Dual_EC_DRBG,
NSA-produced standards are suspect, especially with suspicious constants
like the standard elliptic curves have.

DJB has analyzed the available elliptic curves and recommended some that he
expects to be reasonably safe at .

Does anyone know the status on the inclusion of secure ECC in gnupg?


-- Nat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140217/a7a7d798/attachment.html>

More information about the Gnupg-users mailing list