<div dir="ltr"><div style="font-family:verdana,sans-serif" class="gmail_default"><div class="gmail_default" style="font-family:verdana,sans-serif">Hi,</div><div class="gmail_default" style="font-family:verdana,sans-serif">Not
just sign-only Curve 448 subkey, gpg will fail after any subkey
(RSA/ECC [S]/[E]/[A]/[C]) is created when a keypair is generated with Curve 448.</div><div class="gmail_default" style="font-family:verdana,sans-serif">When gpg fails, how can I recover keys?</div><div class="gmail_default" style="font-family:verdana,sans-serif">This is so important.</div><div class="gmail_default" style="font-family:verdana,sans-serif">This bug will destroy keydb, it is a "big" issue.</div><br></div><div style="font-family:verdana,sans-serif" class="gmail_default">_____________________________________</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 4:25 AM NIIBE Yutaka <<a href="mailto:gniibe@fsij.org">gniibe@fsij.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
Thank you for your report.<br>
<br>
William Holmes wrote:<br>
> gpg failed after I created a second sign-only Curve 448 key.<br>
<br>
Please use --quick-add-key instead, while I'm fixing the bug.<br>
<br>
My changes of following commits were not enough.<br>
<br>
2b50f942672d9a2c325a818f21f69d3ee69255d3<br>
36355394d865f5760075e62267d70f7a7d5dd671<br>
<br>
I think that something like this will be needed to apply.<br>
<br>
Please note that 448 keys are not yet standardized as OpenPGP. So,<br>
format for key, signature, encrypted data may be changed in future.<br>
<br>
diff --git a/g10/keygen.c b/g10/keygen.c<br>
index 239e7aca1..cb6487ea3 100644<br>
--- a/g10/keygen.c<br>
+++ b/g10/keygen.c<br>
@@ -5879,7 +5879,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,<br>
else if (algo == PUBKEY_ALGO_ECDSA<br>
|| algo == PUBKEY_ALGO_EDDSA<br>
|| algo == PUBKEY_ALGO_ECDH)<br>
- curve = ask_curve (&algo, NULL, NULL);<br>
+ {<br>
+ curve = ask_curve (&algo, NULL, NULL);<br>
+<br>
+ if (curve && (!strcmp (curve, "X448") || !strcmp (curve, "Ed448")))<br>
+ keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;<br>
+ }<br>
else<br>
nbits = ask_keysize (algo, 0);<br>
<br>
-- <br>
</blockquote></div></div>