Pierre

Reputation: 2742

PGP: Where can I find a list of supported algorithms (name+number)?

When you generate a PGP key pair, you can choose a public-key algorithm:

$ gpg --expert --full-gen-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection?

When you list or browse PGP public keys, the algorithms used for a key are represented as numbers. Example with a simple RSA 2048 key:

$ gpg --export [email protected] | gpg --list-packets --verbose
...
:public key packet:
    version 4, algo 1, created 1531406055, expires 0s 0
...
:signature packet: algo 1, keyid 47F915B113C9BC18
    version 4, created 1531406055, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 7a 9c
...
:public sub key packet:
    version 4, algo 1, created 1531406055, expires 0

I'm talking here about the algo 1, digest algo 8, algo 2, etc.

I'm looking for a complete list where I can find the name of each algo, given this algo number.

I found a list in the RFC 4880 (OpenPGP Message Format):

      ID           Algorithm
      --           ---------
      1          - RSA (Encrypt or Sign) [HAC]
      2          - RSA Encrypt-Only [HAC]
      3          - RSA Sign-Only [HAC]
      16         - Elgamal (Encrypt-Only) [ELGAMAL] [HAC]
      17         - DSA (Digital Signature Algorithm) [FIPS186] [HAC]
      18         - Reserved for Elliptic Curve
      19         - Reserved for ECDSA
      20         - Reserved (formerly Elgamal Encrypt or Sign)
      21         - Reserved for Diffie-Hellman (X9.42,
                   as defined for IETF-S/MIME)
      100 to 110 - Private/Experimental algorithm

But this list seems to be incomplete: if I generate a key with the ECC algorithm (Elliptic Curve Cryptography) and Curve 25519, the public key algo is 22, which is not in the list above. However, the gpg binary is aware of this algo name:

$ gpg --list-keys

pub   ed25519 2022-04-06 [SC]
      7D438CA8D0C6D57EA168521C2C800B246796CFC9
uid           [ultimate] John <[email protected]>
sub   cv25519 2022-04-06 [E]

Is there an up-to-date list of all available algos and their associated numbers somewhere?

Upvotes: 4

Views: 5802

Answers (2)

witchi

Reputation: 401

The following Bash function reads the algorithm list (XML) from the IANA server and displays the name of a given algorithm number (from the GPG key):

#!/usr/bin/env bash
# Usage: gpg-alg <public-key algorithm number>

get_algorithm_name() {
  local n="${1}"
  local xml name
  # Declare and assign separately: "local xml=$(...)" would hide curl's exit status.
  xml=$(curl -X GET -o - -L -s "https://www.iana.org/assignments/openpgp/openpgp.xml")
  if [ "$?" != "0" ]; then
    echo "unknown algorithm (list not loaded)"
    return 1
  fi

  local xpath="/reg:registry/reg:registry[@id='openpgp-public-key-algorithms']/reg:record[reg:value='${n}']/reg:description"
  # Depending on the xmlstarlet version an unmatched XPath may still exit 0, so also test for empty output.
  name=$(printf '%s' "${xml}" | xmlstarlet sel -N reg=http://www.iana.org/assignments -t -v "${xpath}")
  if [ "$?" != "0" ] || [ -z "${name}" ]; then
    echo "unknown algorithm (number not found)"
    return 1
  fi

  echo "${name}"
}

get_algorithm_name "${1}"

You can store the script as gpg-alg and call it with the algorithm number extracted from the key, like this:

gpg-alg 17

You need xmlstarlet installed to process the XML file.

Upvotes: 2

evilmandarine

Reputation: 4543

Not sure this fully covers your needs, but in addition to RFC 4880, sections 9.1 to 9.4, which has the following lists:

9.1. Public-Key Algorithms
9.2. Symmetric-Key Algorithms
9.3. Compression Algorithms
9.4. Hash Algorithms

Here's what I could find:

Elliptic Curve Cryptography (ECC) in OpenPGP
RFC6637, section 5 - https://www.rfc-editor.org/rfc/rfc6637#section-5

"Unknown algorithm 22" thread
https://lists.gnupg.org/pipermail/gnupg-devel/2017-April/032762.html

Algorithm 22 seems to be listed in this thread:

Right we are a bit faster than the specs. The OpenPGP WG agreed on using 22 for EdDSA in mid 2014. The draft-koch-eddsa-for-openpgp-00 specified the algorithms; meanwhile superseded by draft-ietf-openpgp-rfc4880bis-01.

+-----------+----------------------------------------------------+
|        ID | Algorithm                                          |
+-----------+----------------------------------------------------+
|         1 | RSA (Encrypt or Sign) [HAC]                        |
|         2 | RSA Encrypt-Only [HAC]                             |
|         3 | RSA Sign-Only [HAC]                                |
|        16 | Elgamal (Encrypt-Only) [ELGAMAL] [HAC]             |
|        17 | DSA (Digital Signature Algorithm) [FIPS186] [HAC]  |
|        18 | ECDH public key algorithm                          |
|        19 | ECDSA public key algorithm [FIPS186]               |
|        20 | Reserved (formerly Elgamal Encrypt or Sign)        |
|        21 | Reserved for Diffie-Hellman                        |
|           | (X9.42, as defined for IETF-S/MIME)                |
|        22 | EdDSA [I-D.irtf-cfrg-eddsa]                        |
|  100--110 | Private/Experimental algorithm                     |
+-----------+----------------------------------------------------+

Note: just in case it helps you as it helped me, "digest" is the output of a hash algorithm.

Upvotes: 6
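Putting both answers together as an added Python example (not code from either answer): it loads a constructed excerpt in the shape of IANA's openpgp.xml, whose public-key registry id is the one the Bash answer's XPath uses while the hash-registry id is an assumption, then names every `algo N` and `digest algo N` in a constructed `gpg --list-packets --verbose` listing built from the question's output, flagging numbers the registry does not contain.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpt in the shape of IANA's openpgp.xml, not the real file the Bash answer
# fetches; the public-key registry id comes from that answer's XPath, the hash id is assumed.
IANA_XML = """<registry xmlns="http://www.iana.org/assignments" id="openpgp">
 <registry id="openpgp-public-key-algorithms">
  <record><value>1</value><description>RSA (Encrypt or Sign)</description></record>
  <record><value>22</value><description>EdDSA</description></record>
  <record><value>100-110</value><description>Private or Experimental Use</description></record>
 </registry>
 <registry id="openpgp-hash-algorithms">
  <record><value>2</value><description>SHA1</description></record>
  <record><value>8</value><description>SHA256</description></record>
 </registry>
</registry>"""
NS = {"reg": "http://www.iana.org/assignments"}

def load_registry(xml_text, registry_id):
    """Return {number: name} for one sub-registry; range rows such as 100-110 are skipped."""
    table = {}
    for rec in ET.fromstring(xml_text).findall(f"reg:registry[@id='{registry_id}']/reg:record", NS):
        value = rec.findtext("reg:value", "", NS).strip()
        if value.isdigit():
            table[int(value)] = rec.findtext("reg:description", "", NS).strip()
    return table

# "digest algo N" is a hash-algorithm number, a bare "algo N" a public-key one.
ALGO_RE = re.compile(r"\b(?P<kind>digest algo|algo) (?P<n>\d+)")

def resolve_packets(listing, pk_names, hash_names):
    """Name every algorithm number in `gpg --list-packets --verbose` output.
    Returns (packet, field, number, name) tuples; unregistered numbers get 'UNKNOWN'."""
    out, packet = [], None
    for line in listing.splitlines():
        if line.startswith(":"):                     # packet header, e.g. ":public key packet:"
            packet = line[1:].split(":", 1)[0]
        for m in ALGO_RE.finditer(line):
            n = int(m.group("n"))
            table = hash_names if m.group("kind") == "digest algo" else pk_names
            out.append((packet, m.group("kind"), n, table.get(n, "UNKNOWN")))
    return out

# Constructed listing: the RSA packets from the question plus one ed25519 primary key (algo 22).
LISTING = """:public key packet:
    version 4, algo 1, created 1531406055, expires 0s 0
:signature packet: algo 1, keyid 47F915B113C9BC18
    digest algo 2, begin of digest 7a 9c
:public key packet:
    version 4, algo 22, created 1649203200, expires 0"""
```

To use it against a real key, replace IANA_XML with the downloaded registry and LISTING with the output of `gpg --export <key> | gpg --list-packets --verbose`.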
