Enabling and using ECC keys (any reason not to?)
martin-gnupg-users at dkyb.de
Fri Mar 27 14:21:00 CET 2015
On 26.03.2015 18:40, Pete Stephenson wrote:
> People have raised concerns about the NIST curves, but they are part
> of the RFC 6637 standard so compliant programs must implement P-256,
> may implement P-384, and should implement P-521.
> To address potential concerns with the NIST curves, GnuPG also
> supports the Brainpool curves which are similar in structure to the
> NIST curves but use parameters chosen from nothing-up-my-sleeve
> numbers and so should be reasonably trustworthy. Still, the structure
> of such curves leaves a bit to be desired (see
> http://safecurves.cr.yp.to/ for details, I'm hardly an expert).
I just did a quick search but didn't find anything. But as a general
question, why is it not possible to use two different encryptions keys
and use a cascade two layer encryption? E.g. truecrypt offered something
similar for up to 3 different encryption methods.
So especially when introducing new algorithms which might be tampered
with, using e.g. an old style RSA Key as one layer and ECC as a second
should help against this. Or am I missing something here?
More information about the Gnupg-users