Creating encryption subkey with C25519 fails [gpg2 2.1.9, libgcrypt 1.6.4]
thomas.hartmann at desy.de
Thu Jan 7 17:17:53 CET 2016
probably a newbie question: I have just been trying to create a curve
25519 subkey for encryption (I have already a RSA key for
encryption-only and a c25519 for sign/auth). However, when going for the
ECC encryption only fails always for me due to an invalid flag ?
(gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on 4.2.8-300)
Actually, setting own capabilities for elliptic curves only offers
signing and authentification as switchable options but no encryption?
Maybe I did not get ECC correctly, but I assumed that ECC should in
general fit all three uses, or?
Cheers and thanks for ideas,
gpg2 --homedir=/FOOPATH/gnupg --expert --edit-key 0xLONGMASTERID
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
created: 2016-01-07 expires: 2023-01-05 usage: SCA
trust: ultimate validity: ultimate
created: 2016-01-07 expires: 2022-01-05 usage: E
created: 2016-01-07 expires: 2022-01-05 usage: SA
[ultimate] (1). Thomas Hartmann <thomas.hartmann at desy.de>
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
Your selection? 12
Please select which elliptic curve you want:
(1) Curve 25519
(2) NIST P-256
(3) NIST P-384
(4) NIST P-521
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed Jan 5 17:06:52 2022 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag
Key not changed so no update needed.
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5095 bytes
Desc: S/MIME Cryptographic Signature
More information about the Gnupg-users