Which RND generator is used? Which random quality is used for ECC (BrainpoolP512r1)?

eikethomas · April 29, 2025, 4:39pm

Dear GnuPG Team,
Can you please let me know:
1.) Which RND generator is used from GnuPG for generation of ECC BrainpoolP512r1 key pair? … Which source is used to create/gain the initial random seed (e.g. System Clock, Mouse Pointer values, Key Board entriess, system values …) before that gets hashed?
2.) Does a encryption with ECC Key Pair (BrainpoolP512r1) use by default the AES-256 derived encryption/mac key?

I just learned that the quality of random is essential for the strength of the algorithm and I did not found any information to the RND generator used nor the symmetric Key generated by the ECC Key derivation function (nor which standard is used for shared secret and key derivation function)

We want to recommend our customers to use the GPG4Win (Kleopatra) to encrypt and sign their secret information with an additional envelope by using ECC BrainpoolP512r1 key pair. I really valuate that GnuPG offers this opportunity to us (Symantec PGP Desktop seems not to support any ECC encr./sign.).

Thank you you very much for your kind answer.

EikeThomas

bernhard · April 29, 2025, 5:05pm

Dear @eikethomas,

GnuPG’s component that is responsible for generating random is libgcrypt, you’ll find a documentation of how it works at Random-Number Subsystem Architecture (The Libgcrypt Reference Manual) . This should answer most of your questions.

As you can read, it depends on the build options and the platform. So on Windows it will be rndw32.

Note that for customers that have high security demands, there is a build which is approved by the German BSI for VS-NfD (a German classification level) and also meets the compliance requirements for EU-RESTRICTED and NATO-RESTRICTED :
https://www.gnupg.com/gnupg-vs-desktop.html

(According to the BSI regulations a support license will have to be bought, though it is the same software.The approval process included a review of the random generator(s). So there is more in depth information, if you are interested.)

Hope this is already helpful!
Best Regards,
Bernhard