Unattended generation of an ECDSA key using gpg2

Short question

How do I specify an elliptic curve in a gpg2 v2.1.11 parameter file?

Long question

I have successfully used the following bash script to generate an RSA key using gpg2 v2.1.11:

#!/bin/bash
PUBRING_FILE=$(mktemp /tmp/pub.XXXXXX)
CONFIG_FILE=$(mktemp /tmp/config.XXXXXX)
cat >$CONFIG_FILE <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Name
Name-Comment: Comment
Name-Email: Email
Expire-Date: 0
Passphrase: abc
%pubring $PUBRING_FILE
EOF
gpg2 --quiet --batch --expert --full-gen-key $CONFIG_FILE

I want to use the same script to generate an ECDSA key. However, when I replace

Subkey-Type: RSA
Subkey-Length: 2048

with

Subkey-Type: ECDSA
Subkey-Length: 256

I get the following error:

gpg: key generation failed: Unknown elliptic curve

My configuration file clearly omits the curve, but how can I include it? I.e., how do I specify an elliptic curve in a gpg2 v2.1.11 parameter file?

1 Answer

gpg2 does not know which EC curve you want to use. To fix this, you need to use the Key-Curve option. In your example you should remove the Subkey-Length: 2048 line and add a new Subkey-Curve: [...] option.

Example using the NIST P-256 curve:

cat >$CONFIG_FILE <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ECDSA
Subkey-Curve: nistp256
Name-Real: Name
Name-Comment: Comment
Name-Email: Email
Expire-Date: 0
Passphrase: abc
%pubring $PUBRING_FILE
EOF
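
An added example, not part of the original question or answer: a pre-flight check that catches the mistake discussed above (an ECC key type with a Length line and no Curve line) before gpg2 is invoked, followed by generation into a separate home directory. The function names, the HOMEDIR argument and the e-mail address are assumptions made for illustration; the gpg2 flags are the ones used in the question plus --homedir.

```bash
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# write_params FILE CURVE: the answer's parameter file, one directive per line.
# The e-mail address is a constructed placeholder; "abc" is the page's passphrase.
write_params() {
  cat >"$1" <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ECDSA
Subkey-Curve: $2
Name-Real: Name
Name-Comment: Comment
Name-Email: user@example.org
Expire-Date: 0
Passphrase: abc
EOF
}

# check_params FILE: exit non-zero if an ECC Key-Type/Subkey-Type lacks its
# Key-Curve/Subkey-Curve line, or keeps the Length line the answer says to remove.
check_params() {
  awk -F': *' '
    $1 ~ /^(Key|Subkey)-(Type|Length|Curve)$/ {
      split($1, p, "-"); v[p[1] "," p[2]] = toupper($2)
    }
    END {
      n = split("Key Subkey", pre, " ")
      for (i = 1; i <= n; i++) {
        k = pre[i]; t = v[k ",Type"]
        if (t !~ /^(ECDSA|EDDSA|ECDH)$/) continue
        if (v[k ",Curve"] == "")  { print k "-Curve missing for " t; bad = 1 }
        if (v[k ",Length"] != "") { print "remove " k "-Length for " t; bad = 1 }
      }
      exit bad
    }' "$1"
}

# generate FILE HOMEDIR: lint first, then create the key in HOMEDIR and list it.
generate() {
  check_params "$1" || return 1
  gpg2 --homedir "$2" --quiet --batch --expert --full-gen-key "$1" &&
    gpg2 --homedir "$2" --batch --with-colons --list-keys
}
```

Typical use is write_params "$CONFIG_FILE" nistp256 followed by generate "$CONFIG_FILE" "$(mktemp -d)"; the parameter file holds the passphrase in clear text, so delete it once the key exists.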
