In this chapter we will introduce the rather new Elliptic Curve Cryptography (ECC or EC for short) OpenPGP keys.
1. What are Elliptic Curve OpenPGP keys?
2. Example code
3. Compatibility Notes
4. Async code
What are Elliptic Curve OpenPGP keys?
ECC keys are rather new to the OpenPGP standard. They were first defined in RFC 6637. This extension of the OpenPGP standard defines only three NIST approved curves. Later the open source GnuPG software added three Brainpool curves (defined in RFC 5639).
Encryption with EC keys is based on the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol. Signing with EC keys is based on the Elliptic Curve DSA (ECDSA) algorithm.
Encryption with EC OpenPGP keys is considered much more secure than the RSA and Elgamal (DH/DSS) keys in current use.
Supported EC curves
Currently, DidiSoft OpenPGP library for .NET supports ECC keys based on these elliptic curves:
- NIST P-256 (DidiSoft.Pgp.EcCurve.P256)
- NIST P-384 (DidiSoft.Pgp.EcCurve.P384)
- NIST P-521 (DidiSoft.Pgp.EcCurve.P521)
- Brainpool 256 bit (DidiSoft.Pgp.EcCurve.Brainpool256)
- Brainpool 384 bit (DidiSoft.Pgp.EcCurve.Brainpool384)
- Brainpool 512 bit (DidiSoft.Pgp.EcCurve.Brainpool512)
- EdDsa over Curve-25519 (DidiSoft.Pgp.EcCurve.EdDsa) New!
- Curve-25519 (DidiSoft.Pgp.EcCurve.Curve25519) New!
Key generation speed
The key generation of EC keys is much faster compared to the traditional RSA and DH/DSS keys.
An RSA key of strength 4096 bits requires more than 20 seconds, whereas an Elliptic Curve key pair is created in less than a second.
Example Code
Key generation is invoked through the GenerateEccKeyPair methods defined in the KeyStore and PGPKeyPair classes.
Below is a short example that illustrates how to generate EC OpenPGP keys with the library.
C# example
```csharp
using System;
using DidiSoft.Pgp;

public class GenerateEccKeyPairDemo
{
    public void Demo()
    {
        KeyStore ks = new KeyStore();

        // EC curve for this key
        EcCurve curve = EcCurve.P521;

        // primary User Id of the key
        string userId = "Demo <demo@didisoft.com>";

        // password for the private key
        string privateKeyPassword = "changeit";

        KeyPairInformation newKey = ks.GenerateEccKeyPair(curve, userId, privateKeyPassword);
    }
}
```
VB.NET example
```vbnet
Imports System
Imports DidiSoft.Pgp

Public Class GenerateEccKeyPairDemo
    Public Sub Test()
        Dim ks As New KeyStore()

        ' EC curve for this key
        Dim curve As EcCurve = EcCurve.P521

        ' primary User Id of the key
        Dim userId As String = "Demo <demo@didisoft.com>"

        ' password for the private key
        Dim privateKeyPassword As String = "changeit"

        Dim newKey As KeyPairInformation = ks.GenerateEccKeyPair(curve, userId, privateKeyPassword)
    End Sub
End Class
```
The example code above generates keys with no expiration date and with predefined preferred algorithms for compression, hashing, and symmetric encryption. If you wish to specify those algorithms yourself, use one of the overloaded versions of GenerateEccKeyPair.
After key generation, the keys can be exported from the KeyStore; alternatively, you can generate the key directly in a PGPKeyPair object and export it from there.
Compatibility Issues
ECC OpenPGP keys were first introduced in version 1.7.7 of DidiSoft OpenPGP Library for .NET.
Elliptic curve OpenPGP keys are supported only by newer OpenPGP implementations, such as Symantec(R) PGP Command Line version 10.2 and later and GnuPG version 2.1 and later. Attempts to use ECC OpenPGP keys with older software usually fail with an error message. For example, if you try to use such keys with older versions of our library, you will receive an exception with the message: "unknown PGP public key algorithm encountered".
Curve-25519 and EdDsa over Curve 25519 are available as of version 1.9.3.
Async support
To create a key pair asynchronously, use the DidiSoft.Pgp.KeyStoreAsync class, which provides the same key creation methods with an Async suffix.
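The following is an added example, not code from the DidiSoft documentation or library. It assumes, based only on the statement above that KeyStoreAsync mirrors the KeyStore methods with an Async suffix, that the method is named GenerateEccKeyPairAsync, takes the same (curve, user id, password) parameters as GenerateEccKeyPair, and returns a Task<KeyPairInformation>; the parameterless KeyStoreAsync constructor and the PGP_KEY_PASSPHRASE environment variable are likewise assumptions. Unlike the synchronous sample, it reads the private-key passphrase from the environment rather than embedding it in source, and it refuses to generate a key when no passphrase is present.

```csharp
using System;
using System.Threading.Tasks;
using DidiSoft.Pgp;

public class GenerateEccKeyPairAsyncDemo
{
    // Assumed method name/signature: GenerateEccKeyPairAsync(EcCurve, string, string)
    // on KeyStoreAsync, derived from "same key creation methods with Async suffixes".
    // Check the library reference for the exact overload before relying on it.
    public async Task<KeyPairInformation> GenerateAsync(EcCurve curve, string userId)
    {
        // Take the passphrase from the environment (assumed variable name) instead of
        // hard-coding it; an empty passphrase would leave the private key unprotected.
        string privateKeyPassword = Environment.GetEnvironmentVariable("PGP_KEY_PASSPHRASE");
        if (string.IsNullOrEmpty(privateKeyPassword))
        {
            throw new InvalidOperationException("PGP_KEY_PASSPHRASE is not set; refusing to create an unprotected key");
        }

        KeyStoreAsync ks = new KeyStoreAsync(); // assumed parameterless constructor

        // Same parameters as the synchronous GenerateEccKeyPair call, awaited.
        KeyPairInformation newKey = await ks.GenerateEccKeyPairAsync(curve, userId, privateKeyPassword);
        return newKey;
    }

    public static async Task Main()
    {
        var demo = new GenerateEccKeyPairAsyncDemo();

        // Any curve from the supported list may be passed here, e.g. EcCurve.Brainpool512
        // or EcCurve.Curve25519 (the latter requires library version 1.9.3 or later).
        KeyPairInformation key = await demo.GenerateAsync(EcCurve.P521, "Demo <demo@didisoft.com>");

        Console.WriteLine("EC key pair generated asynchronously.");
    }
}
```

Because the generated key is exported from the same KeyStoreAsync instance afterwards, keep the instance alive for the export step; the only thing that changes relative to the synchronous sample is the awaited call and where the passphrase comes from.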
Summary
In this chapter, we have introduced Elliptic Curve (EC) OpenPGP keys. EC OpenPGP keys are still not adopted by the major OpenPGP software implementations, but they will hopefully gain traction soon.
They are considered superior in terms of cryptography security to the currently widespread RSA and DH/DSS keys.