I've been using libgpgme to generate keys in Debian 11. When I re-compile and rerun the same software in Debian 13, I get:

Unknown elliptic curve

I can reproduce this in pure GPG using an example from the manual (scroll to bottom):

$ export GNUPGHOME="$(mktemp -d)"
$ cat >foo <<EOF
    %echo Generating a basic OpenPGP key
    Key-Type: default
    Subkey-Type: default
    Name-Real: Joe Tester
    Name-Comment: with stupid passphrase
    Name-Email: [email protected]
    Expire-Date: 0
    Passphrase: abc
    %commit
    %echo done
EOF

$ gpg --batch --generate-key foo
gpg: keybox '/tmp/tmp.2EKRv57gsQ/pubring.kbx' created
gpg: Generating a basic OpenPGP key
gpg: key generation failed: Unknown elliptic curve
gpg: done

1 Answer

In Debian 11, Key-Type: default implies Key-Type: RSA. Key-Length is applicable to RSA, but defaults to 3072, so it doesn't have to be set.

In Debian 13, the default appears to have changed to Key-Type: eddsa. ECC keys like Key-Type: eddsa require Key-Curve:, and since that isn't specified and there is no default, we get the error.


Solution:

Specify the Key-Type: RSA and Key-Length: 3072

<GnupgKeyParms format="internal">
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: xxx
Name-Comment: Comment
Name-Email: [email protected]
Expire-Date: 0
Passphrase: xxx
</GnupgKeyParms>

I choose this solution because if the software needs to continue running on Debian 11, it is sure to be reverse compatible.

Key-Curve: default is also an unknown elliptic curve. I was hoping this would work because the docs suggest Key-Curve is ignored by types that don't need it.

I also understand that Key-Type: default/Key-Curve: Ed25519 could also work, but I don't know how well that parameter set will work on older versions of GPG.
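
A pre-flight check for the parameter files discussed in this thread, added here as an example (not code from the question, the answer, or GnuPG): it flags `Key-Type: default` and ECC key types with no curve, so a file that depends on the installed GnuPG's defaults is caught before it reaches `gpg --batch --generate-key` or libgpgme. The function names and the two sample strings are constructed for illustration.

```python
ECC_TYPES = {"ecdsa", "eddsa", "ecdh"}  # ECC algorithm names accepted by Key-Type

def parse_blocks(text):
    """Split a batch parameter file into one dict of lowercased keys per key block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, %control lines and the gpgme <GnupgKeyParms> wrapper.
        if not line or line[0] in "#%<":
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "key-type":  # Key-Type starts a new parameter block
            current = {}
            blocks.append(current)
        if current is not None:
            current[name] = value
    return blocks

def lint(text):
    """Return (block_index, message) findings for version-dependent parameters."""
    findings = []
    for i, block in enumerate(parse_blocks(text)):
        for prefix in ("key", "subkey"):
            algo = block.get(f"{prefix}-type", "").lower()
            curve = block.get(f"{prefix}-curve", "")
            if algo == "default":
                findings.append((i, f"{prefix}-type is 'default': algorithm depends on the installed GnuPG"))
            elif algo in ECC_TYPES and not curve:
                findings.append((i, f"{prefix}-type {algo} has no {prefix}-curve"))
    return findings

# Constructed samples modelled on the two parameter sets in this thread.
QUESTION_PARAMS = """\
Key-Type: default
Subkey-Type: default
Name-Real: Joe Tester
%commit
"""
ANSWER_PARAMS = """\
<GnupgKeyParms format="internal">
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
</GnupgKeyParms>
"""

if __name__ == "__main__":
    print(lint(QUESTION_PARAMS), lint(ANSWER_PARAMS))
```

Running a check like this in CI keeps generated keys on a known algorithm and size across distribution upgrades instead of following whatever `default` resolves to.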
