OpenPGP for Java version 2.6.2 with ECC support

Dear friends,

We are happy to announce that version 2.6.2 of DidiSoft OpenPGP Library for Java has been released today.

A major new feature in this release is full support for Elliptic Curve cryptography (ECC) in OpenPGP (RFC 6637).

Why should I care

ECC OpenPGP keys are considered to be stronger in terms of cryptography compared to the currently used RSA and ElGamal (DH/DSS) keys.

(please read below for details)

Migration guide

The migration steps consist of replacing pgplib-2.6.jar (as usual) and also replacing bcpg-jdk14-145.jar with bcpg-jdk14-145-ecc.jar.

After migrating to the new version you can use transparently the new type of keys and the algorithms that they provide.

Key generation is performed with a new set of methods generateEccKeyPair available in the KeyStore and PGPKeyPair classes. Please check the tutorial chapter that illustrates ECC OpenPGP key generation.

What is Elliptic Curve cryptography in OpenPGP

ECC in OpenPGP is an extension of the OpenPGP standard, that was published a year ago.

It provides additional type of OpenPGP keys (ECC keys) and algorithms for encrypting the session key (Elliptic Curve Diffie-Hellman / EC DH) and generating digital signatures (Elliptic Curve Digital Signature Algorithm / EC DSA).

The standard also recommends the usage of only the AES-128 through AES-256 and SHA-256 through SHA-512 algorithms as symmetric ciphers and hash algorithms (for encrypting the OpenPGP data and generating the signature hash respectively).

EC curves and Key strength

RFC 6637 defines three Elliptic curves that can be used. They are defined by the National Security Agency Suite B and are known as:

NIST curve P-256 (defines an elliptic curve over the field of 256 bit prime numbers)

NIST curve P-384 (defines an elliptic curve over the field of 384 bit prime numbers)

NIST curve P-521 (defines an elliptic curve over the field of 521 bit prime numbers)

A rough comparison between the size of each EC curve and an RSA key can be seen below (source: RFC 6637)

NIST P-256 based key is comparable to a 3072 bit RSA key

NIST P-384 based key is comparable to a 7680 bit RSA key

NIST P-521 based key is comparable to a 15360 bit RSA key

Current support by the Industry

This rather new extension of the OpenPGP standard is still not widely adopted.

According to the information that we have currently only Symantec PGP Command line 10.2 (and later) fully support RFC 6637.

GnuPG 2.1 will also supports it (it is still in Beta as of the time of this writing).

Backward compatibility

ECC OpenPGP keys are not compatible with older OpenPGP implementations.