These days I'm generating some PGP keypairs, and I'm struggling to understand the correct terminology behind ECC keys. Mostly in the differences between ed25519/cv25519/ECDSA/EdDSA/ECDH. I tried to check RFC 6637 and this RFC draft without being sure of what I understood.
Let's take a practical example, with RSA first. Let's generate a keypair:
$ gpg --expert --full-gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 1
What keysize do you want? (3072) 4096
What keysize do you want for the subkey? (3072) 4096
...
$ gpg -K
-----------------------
sec rsa4096 2023-03-07 [SC]
25EBF40DBE88FB395372A1D63F834EC009DB09B3
uid [ultimate] John Doe <john@doe.org>
ssb rsa4096 2023-03-07 [E]
Here I think it's correct to say I generated a key using the RSA 4096 algorithm, with a subkey dedicated to Encryption ([E]) which is also using the RSA 4096 algorithm (correct me if I'm wrong).
Now let's do the same with Elliptic Curve Cryptography:
$ gpg --expert --full-gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
(1) Curve 25519
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Your selection? 1
...
$ gpg -K
-----------------------
pub ed25519 2023-03-07 [SC]
448940C5335D1D278788F4AF67336C97696A1BE0
uid John Doe <john@doe.org>
sub cv25519 2023-03-07 [E]
What do I have here?
If I refer to this RFC draft section:
I understand that I have a key using the Ed25519 curve (so EdDSA algo?), with a subkey dedicated to Encryption ([E]) which is using the curve Curve25519 (so ECDH algo?).
My question is: If I want someone to generate a PGP keypair using the 2nd method (with (9) ECC and ECC as a key kind) that will be used for encryption only, what should I ask him? "Give me your public key that must be an ECDH one?"
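
An added example, not part of the original question: GnuPG's machine-readable listing (`--with-colons`) carries the OpenPGP public-key algorithm ID of every key and subkey (1 RSA, 18 ECDH, 19 ECDSA, 22 EdDSA), so a received key can be checked for the algorithm, curve and capability it is expected to have. The function names are hypothetical, and the sample records are constructed to mirror the two keys above (subkey IDs and timestamps are made up).

```shell
#!/bin/sh
# Added example. Real input would come from:
#   gpg --with-colons --list-keys <fingerprint>
# Colon-format fields used: 1 record type, 2 validity, 3 key length,
# 4 public-key algorithm ID, 12 capabilities, 17 curve name.

# Constructed records mirroring the "ECC and ECC" / Curve 25519 key.
ECC_SAMPLE='pub:u:255:22:67336C97696A1BE0:1678147200:::u:::scESC:::::ed25519:::0:
sub:u:255:18:0000000000000001:1678147200::::::e:::::cv25519::'

# Constructed records mirroring the "RSA and RSA" 4096-bit key.
RSA_SAMPLE='pub:u:4096:1:3F834EC009DB09B3:1678147200:::u:::scESC::::::::0:
sub:u:4096:1:0000000000000002:1678147200::::::e:::::::'

# Print "<record> <algorithm> <curve or key size> <capabilities>" per key.
describe_keys() {
  awk -F: '
    BEGIN {
      n[1] = "RSA"; n[16] = "Elgamal"; n[17] = "DSA"
      n[18] = "ECDH"; n[19] = "ECDSA"; n[22] = "EdDSA"
    }
    $1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb" {
      algo = ($4 in n) ? n[$4] : "algo" $4
      printf "%s %s %s %s\n", $1, algo, ($17 != "" ? $17 : $3 "bit"), $12
    }'
}

# Succeed only if a non-revoked, non-expired subkey is ECDH (ID 18)
# on cv25519 and carries the encryption capability (lowercase "e").
has_ecdh_encryption_subkey() {
  awk -F: '
    $1 == "sub" && $4 == 18 && $17 == "cv25519" && $12 ~ /e/ \
      && $2 != "r" && $2 != "e" { found = 1 }
    END { exit !found }'
}

printf '%s\n' "$ECC_SAMPLE" | describe_keys
if printf '%s\n' "$ECC_SAMPLE" | has_ecdh_encryption_subkey; then
  echo "ECC key: cv25519/ECDH encryption subkey present"
fi
if ! printf '%s\n' "$RSA_SAMPLE" | has_ecdh_encryption_subkey; then
  echo "RSA key: no cv25519/ECDH encryption subkey"
fi
```
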