0

I've been using libgpgme to generate keys in Debian 11. When I re-compile and rerun the same software in Debian 13, I get:

Unknown elliptic curve

I can reproduce this in pure GPG using an example from the manual (scroll to bottom):

$ export GNUPGHOME="$(mktemp -d)" $ cat >foo <<EOF %echo Generating a basic OpenPGP key Key-Type: default Subkey-Type: default Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: [email protected] Expire-Date: 0 Passphrase: abc %commit %echo done EOF $ gpg --batch --generate-key foo gpg: keybox '/tmp/tmp.2EKRv57gsQ/pubring.kbx' created gpg: Generating a basic OpenPGP key gpg: key generation failed: Unknown elliptic curve gpg: done
Improve this question

1 Answer 1

Reset to default
1

In debian 11, the Key-Type:default implies Key-Type:RSA. Key-Length is applicable to RSA, but defaults to 3072, so it doesn't have to be set.

In debian 13, default appears to have changed to Key-Type:eddsa. EEC keys like Key-Type:eddsa require Key-Curve: and since that isn't specified, and there is no default, we get the error.

Solution:

Specify the Key-Type: RSA and Key-Length: 3072

<GnupgKeyParms format="internal"> Key-Type: RSA Key-Length: 3072 Subkey-Type: RSA Subkey-Length: 3072 Name-Real: xxx Name-Comment: Comment Name-Email: [email protected] Expire-Date: 0 Passphrase: xxx </GnupgKeyParms>

I choose this solution because if the software needs to continue running on Debian 11, it is sure to be reverse compatible.

Key-Curve: default is also an unknown elliptic curve. I was hoping this would work because the docs suggest Key-Curve is ignored by types that don't need it.

I also understand that Key-Type: default/Key-Curve: Ed25519 could also work, but I don't know how well that parameters-set will work on older versions of GPG.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.