Unattended generation of an ECDSA key using gpg2

Writer Matthew Barrera

Short question

How do I specify an elliptic curve in a gpg2 v2.1.11 parameter file?

Long question

I have successfully used the following bash script to generate an RSA key using gpg2 v2.1.11:

#!/bin/bash
PUBRING_FILE=$(mktemp /tmp/pub.XXXXXX)
CONFIG_FILE=$(mktemp /tmp/config.XXXXXX)
cat >$CONFIG_FILE <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Name
Name-Comment: Comment
Name-Email: Email
Expire-Date: 0
Passphrase: abc
%pubring $PUBRING_FILE
EOF
gpg2 --quiet --batch --expert --full-gen-key $CONFIG_FILE

I want to use the same script to generate an ECDSA key. However, when I replace

Subkey-Type: RSA
Subkey-Length: 2048

with

Subkey-Type: ECDSA
Subkey-Length: 256

I get the following error

gpg: key generation failed: Unknown elliptic curve

My configuration file clearly omits the curve, but how can I include it? I.e., how do I specify an elliptic curve in a gpg2 v2.1.11 parameter file?

1 Answer

gpg2 does not know which EC curve you want to use. To fix this, you need to use the Key-Curve option. In your example you should remove the Subkey-Length: 2048 line and add a new Subkey-Curve: [...] option.

Example using the NIST P-256 curve:

cat >$CONFIG_FILE <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ECDSA
Subkey-Curve: nistp256
Name-Real: Name
Name-Comment: Comment
Name-Email: Email
Expire-Date: 0
Passphrase: abc
%pubring $PUBRING_FILE
EOF
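
The following pre-flight check is an added example, not part of the original question or answer: it lints a parameter file for the mistake discussed above (an ECC key or subkey type without a matching curve line) before the file is handed to gpg2. The function names `check_params` and `demo` are hypothetical, and comparing keywords case-insensitively is a choice made for this example.

```shell
#!/bin/bash
# Added example, not from the original post. check_params (hypothetical name)
# lints a GnuPG batch parameter file before it is handed to gpg2.
# It prints one line per finding and returns 1 if there is any finding.
check_params() {
  awk '
    # Check the key block collected so far, then reset for the next block.
    function flush(   i, p, t) {
      for (i = 1; i <= 2; i++) {
        p = (i == 1) ? "Key" : "Subkey"
        t = type[p]
        if (t !~ /^(ECDSA|EDDSA|ECDH)$/) continue   # only ECC types need a curve
        if (!(p in curve)) {
          printf "%s-Type %s has no %s-Curve\n", p, t, p; bad = 1
        }
        if (p in len) {
          printf "%s-Length given for %s; use %s-Curve instead\n", p, t, p; bad = 1
        }
      }
      split("", type); split("", curve); split("", len)
    }
    /^[ \t]*#/       { next }            # comment
    /^[ \t]*%commit/ { flush(); next }   # explicit end of a key block
    /^[ \t]*%/       { next }            # other control statements (%pubring ...)
    {
      pos = index($0, ":"); if (!pos) next
      key = toupper(substr($0, 1, pos - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, pos + 1);             gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (split(key, part, "-") != 2) next
      if (part[1] != "KEY" && part[1] != "SUBKEY") next
      who = (part[1] == "KEY") ? "Key" : "Subkey"
      if (part[2] == "TYPE") {
        if (who == "Key") flush()        # Key-Type opens a new block
        type[who] = toupper(val)
      }
      if (part[2] == "CURVE")  curve[who] = val
      if (part[2] == "LENGTH") len[who]   = val
    }
    END { flush(); exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the failing subkey lines from the question.
demo() {
  local f rc=0; f=$(mktemp) || return
  printf '%s\n' 'Key-Type: DSA' 'Key-Length: 1024' \
    'Subkey-Type: ECDSA' 'Subkey-Length: 256' 'Name-Real: Name' >"$f"
  check_params "$f" || rc=$?
  rm -f "$f"; return "$rc"
}
```

In a generation script, call `check_params "$CONFIG_FILE" || exit 1` just before the gpg2 line so a missing curve is reported by name instead of surfacing as `Unknown elliptic curve`.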
