[Question] Should FlowCrypt support ECC (fallback) that hasn't been standardize for OpenPGP

[martgil]

I am investigating case for the following user in referenced below. The user is using keys that are by default gets into OpenPGP.js's rejectedCurves.

At this point, its up with FlowCrypt decision whether they would like to support those secp256k1 ECC.

Reference: https://mail.google.com/mail/u/human@flowcrypt.com/#inbox/FMfcgzQZSsKvHjQGBqFgnPNPnDxcKDNq

[martgil]

@sosnovsky @tomholub This one is not urgent but requires a collaboration. thank you!

[sosnovsky]

As openpgpjs noted - secp256k1 was not standardized to use with OpenPGP (openpgpjs/openpgpjs#1590 (comment)).
Other email encryption tools don't support it too - https://proton.me/support/openpgp-keys-security

I think it'll be better to recommend users to replace their existing secp256k1 key with a new one, for better security.

[martgil]

Thank you, @sosnovsky, for reviewing this. I have informed the reporting user, and they should now understand the cause of the error and the recommended solution of generating a new key pair through FlowCrypt.