Creating encryption subkey with C25519 fails [gpg2 2.1.9, libgcrypt 1.6.4]

Thomas Hartmann thomas.hartmann at
Thu Jan 7 17:17:53 CET 2016

Hi all,

probably a newbie question: I have just been trying to create a curve
25519 subkey for encryption (I have already a RSA key for
encryption-only and a c25519 for sign/auth). However, when going for the
ECC encryption only fails always for me due to an invalid flag [1]?
(gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on 4.2.8-300)

Actually, setting own capabilities for elliptic curves only offers
signing and authentification as switchable options but no encryption?

Maybe I did not get ECC correctly, but I assumed that ECC should in
general fit all three uses, or?

Cheers and thanks for ideas,

gpg2 --homedir=/FOOPATH/gnupg  --expert --edit-key 0xLONGMASTERID
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/0xLONGMASTERID
     created: 2016-01-07  expires: 2023-01-05  usage: SCA
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xLONGSUBID
     created: 2016-01-07  expires: 2022-01-05  usage: E
ssb  ed25519/0xLONGSUBID2
     created: 2016-01-07  expires: 2022-01-05  usage: SA
[ultimate] (1). Thomas Hartmann <thomas.hartmann at>

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 12
Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed Jan  5 17:06:52 2022 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag

gpg> save
Key not changed so no update needed.

Supported algorithms:
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5095 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20160107/d9ac48e3/attachment.bin>

More information about the Gnupg-users mailing list