
ECC public keys are not accepted by Facebook (Unknown PGP Public Key Error)
Closed, Resolved | Public


I have encrypted notifications enabled with Facebook. I originally provided my ECC public key which uses EdDSA (ed25519) and ECDH (cv25519). When my keys expired I extended the expiration date and created new subkeys. Facebook didn't accept my public key and gave this error message:

Unknown PGP Public Key Error
Please check that the value you entered is a valid PGP key and does not contain any missing or corrupted data, and that if headers are present they are separated from the body by a blank line.

The master key and signing and encrypting subkeys are good according to Kleopatra. The entire public key block from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK----- was copied so no missing data. I tried the public key blocks with and without headers. I also tried creating a new OpenPGP key pair with ECDSA/EdDSA but Facebook also rejected it for the same reason. When I tried a new key pair with RSA/RSA Facebook accepted it. I'm not sure if Kleopatra is generating malformed ECC keys or if Facebook is no longer accepting ECC keys.

Steps to reproduce:

  1. Create a new personal OpenPGP key pair with ECDSA/EdDSA as the key material.
  2. Copy and paste the new public key block into the OpenPGP public key text field on Facebook (under security > encrypted notifications).
  3. Facebook rejects the public key.
  4. Repeat step 1 but with RSA/RSA as the key material and repeat step 2.
  5. Facebook will accept the public key.

gpg (GnuPG) 2.2.27
libgcrypt 1.8.7



Event Timeline

werner claimed this task.
werner edited projects, added Support; removed Bug Report.
werner added a subscriber: werner.

So Facebook simply does not support Ed25519 keys; their implementation is a bit limited. To be fair, there is no published RFC describing 25519 for OpenPGP; all major implementations work with drafts regarding 25519.
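
The following added example, which is not code from this thread or from GnuPG, lists the public-key algorithm and curve of each key packet in an armored block, so one can tell whether a key is the EdDSA/ed25519 plus ECDH/cv25519 kind rejected above or an RSA key before submitting it to a third party. The function names are hypothetical, and only version 4 key packets are handled.

```python
import base64

# OpenPGP public-key algorithm IDs and curve OIDs (hex) relevant to this thread.
ALGOS = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
CURVES = {"2b06010401da470f01": "ed25519", "2b060104019755010501": "cv25519"}
KEY_TAGS = {6: "primary", 14: "subkey"}

def dearmor(block):
    """Decode an ASCII-armored block; armor headers end at the first blank line."""
    lines = [l.strip() for l in block.strip().splitlines()]
    body = lines[1:-1]                      # drop the BEGIN and END lines
    if "" in body:
        body = body[body.index("") + 1:]
    elif any(":" in l for l in body):
        raise ValueError("armor headers not followed by a blank line")
    # The CRC24 checksum line starts with "=" and is not part of the data.
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if (first & 0xC0) == 0xC0:                 # new-format packet header
            tag, o, i = first & 0x3F, data[i], i + 1
            if o < 192:
                n = o
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not supported")
        elif (first & 0x80) and (first & 3) != 3:  # old-format packet header
            tag, size = (first >> 2) & 0x0F, 1 << (first & 3)
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        else:
            raise ValueError("unsupported packet header")
        yield tag, data[i:i + n]
        i += n

def key_algorithms(block):
    """Return 'role algorithm curve' for every version 4 key packet."""
    found = []
    for tag, body in packets(dearmor(block)):
        if tag in KEY_TAGS and len(body) > 6 and body[0] == 4:
            algo = body[5]                  # ECC key material starts with a curve OID
            oid = body[7:7 + body[6]].hex() if algo in (18, 19, 22) else ""
            name = f"{KEY_TAGS[tag]} {ALGOS.get(algo, algo)} {CURVES.get(oid, oid)}"
            found.append(name.strip())
    return found
```

Pass it the text produced by `gpg --armor --export` for the key in question.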