Comparison of RSA vs elliptical keys

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed May 13 11:54:12 CEST 2020 

On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via Gnupg-users wrote:
>RJH's answer sounds like a good piece of advice, but still, at the end, 
>we HAVE to to choose which algorithm to use when creating new key 
>pairs.

No you don’t.

You can simply use `gpg --gen-key` and let GnuPG create a keypair with 
the default algorithm (which is currently RSA 2048). Only if you call 
GnuPG with the `--full-gen-key` command will you be asked to explicitly 
choose which type of key of want.


>I am not sure to fully grasp the consequences of this... Does that mean 
>that, if I use Curve 25519, some people won't be able to use my public 
>key to encrypt stuff?

If their software does not support Curve 25519, yes.


>Or does that mean that some people won't be able to read or verify 
>stuff that I encrypt and signs?

You encrypt messages to your correspondants with *their* public keys, so 
the type of *your* key does not matter for that purpose. But they won’t 
be able to verify your signatures.


>Would it be because they use older versions or because some software 
>programs don't implement Curve 25519?

Yes. That being said, most modern implementations do seem to support 
curve 25519. As far as I know, it is supported at the very least by

* GnuPG (≥ 2.1)
* OpenPGP.js
* Sequoia-PGP
* RNP

… which should already cover most of the OpenPGP user base. Of note, it 
is *not* supported by Symantec PGP, though [1].


>I guess that Curve 25519 is mentioned in the IETF standard, isn't it?

Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are 
part of the standard (since RFC 6637). The first mention of Curve 25519 
for OpenPGP was in a draft by Werner in 2014 [2]. The draft never made 
it to a RFC but the 25519 curve is now part of the draft for RFC4880bis, 
the next revision of the OpenPGP standard [3].


- Damien

[1] 
https://knowledge.broadcom.com/external/article/175932/encryption-desktop-cannot-import-ecc-pgp.html

[2] https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-00

[3] https://gitlab.com/openpgp-wg/rfc4880bis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200513/a2f724b9/attachment.sig>

More information about the Gnupg-users mailing list