Choice of ECC curve on usb token

Phil Pennock gnupg-users at
Sat Jun 30 01:51:07 CEST 2018

On 2018-06-29 at 18:07 +0200, Damien Cassou wrote:
> NIIBE Yutaka <gniibe at> writes:
> > Why not Curve25519, if you use ECC?
> I'm not sure I want ECC after reading this:

Curve25519 is not NIST ECC.  It is ECC.

"ECC" = "Elliptic Curve Cryptography", it covers an entire class of "how
public/private pairs are related and calculated".

There are various different algorithms within ECC.  Some of those are
published by NIST, with input from various agencies, and there is
reasonable concern as to the provenance of the specifications, as that
page notes.

The IETF, amongst other groups, has been moving towards Curve25519 for
public key cryptography because it is ECC and it's not NIST.  It
currently looks, with a wet finger in the air and an array of chicken
entrails before us, from every known species of chicken, as though
Curve25519 is likely to be good for a while to come; up until the much
heralded practical quantum computers one day arrive and possibly change

So for new deployments today, where interoperability with ancient
OpenPGP implementations (such as GnuPG v1) is not a concern, you're
probably looking at Curve25519 and, if eager, keeping half an eye on the
news about post-quantum cryptography for the next step after that.

If you need more specific guidance than that, pay a professional
cryptographer to analyse your requirements and make a recommendation.


More information about the Gnupg-users mailing list