Hi!
Using the curve brainpoolP512r1 to generate subkeys for signing and verification for a key reports an error, using the following command:
printf "$pass" | \
gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
--quick-add-key $fpr brainpoolP512r1 sign 0
Output:
gpg: Key generation failed: Wrong key usage
The brainpoolP512r1 curve supports signing and encryption via ECC - GnuPG wiki. In the above command, subkeys can be generated normally when usage is encr, but using sign and auth will prompt the “gpg: Key generation failed: Wrong key usage”.
Subkeys with signatures and authentication can be added normally through the --full-generate-key interaction mode using brainpoolP512r1 curve. Is this an incorrect Gnupg configuration?
system and software information:
- macOS Ventura 13.7.2 and gnupg version 2.4.7(installation via dmg)
$ uname -a
Darwin macos 22.6.0 Darwin Kernel Version 22.6.0: Fri Nov 15 17:21:49 PST 2024; root:xnu-8796.141.3.709.7~2/RELEASE_X86_64 x86_64
$ gpg --version
gpg (GnuPG) 2.4.7
libgcrypt 1.11.0-unknown
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /var/folders/1d/z9761hbd67lbrny8yg2prtd80000gn/T/tmp.leYRKAXq
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
- openSUSE Leap 15.6 x86_64 and gnupg version 2.4.4
$ uname -a
Linux opensuse 6.4.0-150600.23.30-default #1 SMP PREEMPT_DYNAMIC Sat Dec 7 08:37:53 UTC 2024 (8c25a0a) x86_64 x86_64 x86_64 GNU/Linux
$ gpg --version
gpg (GnuPG) 2.4.4
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /tmp/tmp.OMPvvhtAJ3
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2