ECC smartcard (was: Cannot decrypt file encrypted with enQsig)

Peter Lebbing peter at digitalbrains.com
Thu Aug 16 09:58:38 CEST 2018


On 16/08/18 07:52, Felix E. Klee wrote:
> PS: I’m toying with the idea of switching from my smart card to a
> Trezor hardware token. This would mean generating an entirely new key
> (only 256 bit ECC supported).

I didn't look at the Trezor to check, but I'll assume it allows usage
with GnuPG based on the context you brought it up in.

Note that many OpenPGP peers might not support ECC. You could add ECC
subkeys to your current key, and arrange for peers that support them to
prefer those. That way, anybody able to send you an ECC-encrypted
document could do so, and others could fall back to the RSA encryption
subkey.

For signatures, you'd either still use RSA or accept the fact that only
people with ECC-supporting clients could verify your signatures. The
alternative is signing with both keys; if both are on cards/tokens, that
becomes tiresome really quickly, I'd imagine.

If you add ECC subkeys to your current key, you'd still use an RSA
primary key, without anything elliptic about it.

> OTOH there are several advantages such as the Trezor being a well
> documented open source device

There's also the GnuK, which is free software.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
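
The fallback described in this message, modelled as an added example that is not part of the original post or of GnuPG's code: a sender chooses among the encryption subkeys on a key that carries both RSA and ECC subkeys. It assumes a peer picks the newest valid subkey whose algorithm it supports, which simplifies real client behaviour; the listing, key IDs and timestamps are constructed.

```python
# Public-key algorithm IDs as they appear in OpenPGP key listings.
RSA, ECDH, ECDSA, EDDSA = 1, 18, 19, 22

# Constructed sample in the format of `gpg --list-keys --with-colons`.
# Field 2 = validity, 4 = algorithm, 5 = key ID, 6 = creation time,
# 12 = capabilities (e = encrypt, s = sign). All values are made up.
SAMPLE_LISTING = """\
pub:u:4096:1:1111111111111111:1345000000:::u:::scESC:::::::
uid:u::::1345000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:4096:1:2222222222222222:1345000000::::::e:::::::
sub:u:4096:1:3333333333333333:1345000000::::::s:::::::
sub:u:256:18:4444444444444444:1534400000::::::e:::::cv25519::
sub:u:256:22:5555555555555555:1534400000::::::s:::::ed25519::
"""

def parse_subkeys(listing):
    """Return the valid subkeys found in a colon-format key listing."""
    subkeys = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "sub" or len(fields) < 12:
            continue
        if fields[1] in ("r", "e", "d", "i"):  # revoked, expired, disabled, invalid
            continue
        subkeys.append({
            "algo": int(fields[3]),
            "keyid": fields[4],
            "created": int(fields[5]),
            "caps": fields[11],
        })
    return subkeys

def pick_subkey(listing, capability, supported_algos):
    """Key ID of the newest subkey with `capability` that the peer can use,
    or None if the peer supports none of them (assumed selection rule)."""
    usable = [k for k in parse_subkeys(listing)
              if capability in k["caps"] and k["algo"] in supported_algos]
    if not usable:
        return None
    return max(usable, key=lambda k: k["created"])["keyid"]

if __name__ == "__main__":
    modern_peer = {RSA, ECDH, ECDSA, EDDSA}
    rsa_only_peer = {RSA}
    print("ECC-capable peer encrypts to:", pick_subkey(SAMPLE_LISTING, "e", modern_peer))
    print("RSA-only peer encrypts to:  ", pick_subkey(SAMPLE_LISTING, "e", rsa_only_peer))
```
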
