Enabling and using ECC keys (any reason not to?)

Werner Koch wk at gnupg.org
Thu Mar 26 11:05:11 CET 2015

On Thu, 26 Mar 2015 09:59, mike at confidantmail.org said:

> Is there any reason not to start using them? I have been reluctant to
> bundle version 2.1, because once people start using ECC keys, using

There is no deployed base of ECC capable OpenPGP implementation yet.
Thus ECC is not enabled by default becuase it does not make much sense
to ask people to create ECC keys if there is virtually nobody else who
is able to use it.

A second reason is that the plan is to use Ed25519/Curve25519 as the
default ECC curves instead of the NIST curves.  ECDH for Curve25519 is
not yet implemented  

> compatibility thing, or is the security of ECC keys not fully trusted
> yet?

Our ECC implementation might still be subject to side channel attacks
thus if that is part of your threat model you may want to wait a bit
longer.  However mitigating SCA is a never ending cops and gendarme game.

If you do not need to migrate an old inbstallation I would always
suggest to go with 2.1.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list