How to generate non-bad cv25519 encryption key?

theaetetos at theaetetos at
Tue Aug 23 10:44:52 CEST 2022

Hi, Ingo.

Aug 22, 2022, 21:07 by kloecker at

>> gpg2 --version
>> >
>> >gpg (GnuPG) 2.3.3
>> >libgcrypt 1.9.4
> The solution is easy: Use gpg 2.3.7.

Are you sure this should suffice? I went back and rebuilt my libgcrypt and GnuPG to the latest stable versions and I still get this warning message whenever I import a generated cv25519 key into GnuPG.

$ gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.10.1

A sample from a minute ago - importing a freshly-generated ed25519/cv25519 into a cleaned .gnupg directory:

$ gpg --import sec_key.asc
gpg: Die "Keybox" `/home/patriv/.gnupg/pubring.kbx' wurde erstellt
gpg: /home/patriv/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel 0xA329C3915147EE22: Öffentlicher Schlüssel "a at a.a" importiert
gpg: warning: lower 3 bits of the secret key are not cleared
gpg: Schlüssel 0xA329C3915147EE22: geheimer Schlüssel importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1
gpg:              gelesene geheime Schlüssel: 1
gpg:            geheime Schlüssel importiert: 1

$ gpg --list-keys
pub   ed25519/0xA329C3915147EE22 2022-08-23 [SC] [verfällt: 2023-08-23]
  Schl.-Fingerabdruck = 7B3D 88CF 8496 94CF 76BF  F0D6 A329 C391 5147 EE22
uid                [ unbekannt ] a at a.a
sub   cv25519/0xCD8D3BE3BC5604AA 2022-08-23 [E] [verfällt: 2023-08-23]

Best regards,

More information about the Gnupg-users mailing list