Comparison of RSA vs elliptical keys
Sylvain Besençon
sylvain.besencon at unifr.ch
Wed May 13 15:34:54 CEST 2020
On 13.05.20 at 11:54, Damien Goutte-Gattat wrote:
> On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via
> Gnupg-users wrote:
>> RJH's answer sounds like a good piece of advice, but still, at the
>> end, we HAVE to choose which algorithm to use when creating new key
>> pairs.
>
> No you don’t.
>
> You can simply use `gpg --gen-key` and let GnuPG create a keypair with
> the default algorithm (which is currently RSA 2048). Only if you call
> GnuPG with the `--full-gen-key` command will you be asked to explicitly
> choose which type of key you want.
>
>
>> I am not sure I fully grasp the consequences of this... Does that
>> mean that, if I use Curve 25519, some people won't be able to use my
>> public key to encrypt stuff?
>
> If their software does not support Curve 25519, yes.
>
>
>> Or does that mean that some people won't be able to read or verify
>> stuff that I encrypt and sign?
>
> You encrypt messages to your correspondents with *their* public keys, so
> the type of *your* key does not matter for that purpose. But they won’t
> be able to verify your signatures.
>
>
>> Would it be because they use older versions or because some software
>> programs don't implement Curve 25519?
>
> Yes. That being said, most modern implementations do seem to support
> curve 25519. As far as I know, it is supported at the very least by
>
> * GnuPG (≥ 2.1)
> * OpenPGP.js
> * Sequoia-PGP
> * RNP
>
> … which should already cover most of the OpenPGP user base. Of note, it
> is *not* supported by Symantec PGP, though [1].
>
>
>> I guess that Curve 25519 is mentioned in the IETF standard, isn't it?
>
> Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are
> part of the standard (since RFC 6637). The first mention of Curve 25519
> for OpenPGP was in a draft by Werner in 2014 [2]. The draft never made
> it to an RFC but the 25519 curve is now part of the draft for RFC4880bis,
> the next revision of the OpenPGP standard [3].
>
>
> - Damien
>
> [1]
> https://knowledge.broadcom.com/external/article/175932/encryption-desktop-cannot-import-ecc-pgp.html
>
>
> [2] https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-00
>
> [3] https://gitlab.com/openpgp-wg/rfc4880bis
Thanks a lot for all these explanations. It's very useful and
instructive. I appreciate your patience towards my dummy questions..! :)
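
An added example (not part of either message, and not GnuPG code): a small audit of `gpg --list-keys --with-colons` output that classifies each key by the standardisation status given in the quoted reply and reports the interoperability consequence it describes. The listing is constructed, and the names `classify` and `audit` are hypothetical.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (no real keys).
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1589300000:::u:::scESC:::::ed25519:::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1589300000::::::e:::::cv25519::
pub:u:2048:1:CCCCCCCCCCCCCCCC:1589300000:::u:::scESC::::::23::0:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1589300000::::::e::::::23:
pub:u:256:19:EEEEEEEEEEEEEEEE:1589300000:::u:::scESC:::::nistp256:::0:
"""

# OpenPGP public-key algorithm IDs (field 4 of a pub/sub record).
ALGO = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
ECC = {18, 19, 22}
# Curves the reply above lists as part of the standard since RFC 6637.
RFC6637_CURVES = {"nistp256", "nistp384", "nistp521"}


def classify(line):
    """Return a dict for a pub/sub record, or None for any other record."""
    f = line.rstrip("\n").split(":") + [""] * 20   # pad short records
    if f[0] not in ("pub", "sub") or not f[3].isdigit():
        return None
    algo, caps, curve = int(f[3]), f[11], f[16]    # fields 4, 12 and 17
    if algo not in ALGO:
        spec = "unknown"
    elif algo not in ECC:
        spec = "RFC 4880"
    elif curve in RFC6637_CURVES:
        spec = "RFC 6637"
    else:
        spec = "draft only"                        # e.g. ed25519 / cv25519
    risks = []
    if spec == "draft only":
        # Lower-case letters are the capabilities of this (sub)key itself.
        if "e" in caps:
            risks.append("peers without support cannot encrypt to it")
        if "s" in caps:
            risks.append("peers without support cannot verify its signatures")
    return {"keyid": f[4], "algo": ALGO.get(algo, str(algo)),
            "curve": curve or None, "spec": spec, "risks": risks}


def audit(listing):
    """Classify every pub/sub record in a colon-format key listing."""
    return [r for r in map(classify, listing.splitlines()) if r]


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["keyid"], r["algo"], r["curve"] or "-", r["spec"],
              "; ".join(r["risks"]) or "ok")
```
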