Creating newer ECC keys for GnuPG

Here is an explanation of how to create your new ECC keys for GnuPG.

GnuPG 2.1.x supports ECC (Elliptic Curve Cryptography). ECC is generic term and security of ECC depends on the curve used. Unfortunately, no one wants to use standardized curve of NIST.

Since GnuPG 2.1.0, we can use Ed25519 for digital signing. Although it is not yet standardized in OpenPGP WG, it's considered safer.

Ed25519 was introduced to OpenSSH already, so, we can use ssh-agent feature of gpg-agent using authentication subkey of OpenPGP. However, there was no encryption support for corresponding curve.

Since GnuPG 2.1.7 of August 2015, encryption by Curve25519 is supported. It is pretty much experimental, because it requires development version of libgcrypt (and not standardized yet).

Anyhow, here is the how to.

Preparation

  • Development version of libgcrypt: git.gnupg.org

    You need to clone the master branch and build and install it by yourself (from source). Here, we assume that it's installed in /usr/local.

  • GnuPG 2.1.7 or later

    In Debian experimental, we have gnupg2 package.

Example session log

Here is an example session log to create newer ECC keys for GnuPG.

At first, we should have LD_LIBRARY_PATH defined. And it is better to kill existing gpg-agent because it doesn't run with LD_LIBRARY_PATH defined.

$ export LD_LIBRARY_PATH=/usr/local/lib
$ gpg-connect-agent KILLAGENT /bye
OK closing connection

Next, we invoke gpg frontend with --expert and --full-gen-key option.

$ gpg2 --expert --full-gen-key
gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Then, we input 9 to select ECC primary key and ECC encryption subkey.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
Your selection? 9

Next is the important selection. We input 1 to select "Curve25519".

Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
   (8) secp256k1
Your selection? 1

You'll see WARNING, but it is what you want.

gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y

It asks about expiration of key.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

Then, it asks about a user ID.

GnuPG needs to construct a user ID to identify your key.

Real name: Kunisada Chuji
Email address: chuji@gniibe.org
Comment:
You selected this USER-ID:
    "Kunisada Chuji <chuji@gniibe.org>"

Lastly, it asks confirmation.

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

Then, it goes like this.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

It asks the passphrase for keys by pop-up window, and then, finishes.

gpg: key 7C406DB5 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   6  signed:  67  trust: 0-, 0q, 0n, 0m, 0f, 6u
gpg: depth: 1  valid:  67  signed:  40  trust: 67-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-12-05
pub   ed25519/7C406DB5 2015-09-11
      Key fingerprint = 608C 9215 646A D2C5 551B  320B 1717 4C1A 7C40 6DB5
uid         [ultimate] Kunisada Chuji <chuji@gniibe.org>
sub   cv25519/DF7B31B1 2015-09-11

$

ed25519/7C406DB5 is the primary key, and cv25519/DF7B31B1 is encryption subkey.

Next, we add authentication subkey which can be used with OpenSSH. We invoke gpg frontend with --edit-key and the key ID.

$ gpg2 --expert --edit-key 7C406DB5
gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/7C406DB5
     created: 2015-09-11  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/DF7B31B1
     created: 2015-09-11  expires: never       usage: E
[ultimate] (1). Kunisada Chuji <chuji@gniibe.org>

We invoke addkey subcommand.

gpg> addkey

It asks a kind of key, we input 11 to select ECC for authentication.

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 11

and then, we specify "Authenticate" capability.

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? a

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions: Sign Authenticate

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q

Then, it asks which curve. We input 1 for "Curve25519".

Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
   (8) secp256k1
Your selection? 1

It asks confirmation. We say y.

gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y

It asks expiration of the key.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

And the confirmation.

Really create? (y/N) y

It goes.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

It asks the passphrase. And done.

sec  ed25519/7C406DB5
     created: 2015-09-11  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/DF7B31B1
     created: 2015-09-11  expires: never       usage: E
ssb  ed25519/8679DF5F
     created: 2015-09-11  expires: never       usage: A
[ultimate] (1). Kunisada Chuji <chuji@gniibe.org>

We type save to exit form gpg.

gpg> save
$

Note

In GnuPG 2.1.7, there is a bug for the authentication subkey and ssh-agent feature. Please use GnuPG 2.1.8 or later for use of authentication subkey for SSH.