The current GnuPG is able to generate and export Ed448 keys, but it is not able to import these.
I tried
[root@fedora37 ~]# gpg2 --batch --pinentry-mode loopback --passphrase 1234567890 -v --quick-gen-key curve448 ed448
gpg: writing self signature
gpg: EDDSA/SHA512 signature from: "FDEA40DAF66E1FE0 [?]"
gpg: writing public key to '/root/.gnupg/pubring.kbx'
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: writing to '/root/.gnupg/openpgp-revocs.d/FDEA40DAF66E1FE01D44EE5BDC20B27F6B3E1DCCEA35C4E5B16EF8E658BD4F9E.rev'
gpg: EDDSA/SHA512 signature from: "FDEA40DAF66E1FE0 curve448"
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/FDEA40DAF66E1FE01D44EE5BDC20B27F6B3E1DCCEA35C4E5B16EF8E658BD4F9E.rev'
[root@fedora37 ~]# gpg2 --batch --pinentry-mode loopback --passphrase 1234567890 --export-secret-keys > curve_secure.asc
[root@fedora37 ~]# gpg2 --batch --pinentry-mode loopback --passphrase 1234567890 --import --debug-all < ../curve_secure.asc
gpg: key FDEA40DAF66E1FE0: "curve448" not changed
gpg: key FDEA40DAF66E1FE0/FDEA40DAF66E1FE0: error sending to agent: Bad secret key
gpg: error reading '[stdin]': Bad secret key
gpg: import from '[stdin]' failed: Bad secret key
gpg: Total number processed: 0
gpg: unchanged: 1
gpg: secret keys read: 1
Using debug-all gives a bit more information, but nothing super-useful:
gpg: DBG: chan_4 -> KEYWRAP_KEY --import
gpg: DBG: chan_4 <- [ 44 20 85 af 05 be 98 78 be 46 a5 85 d6 b5 99 35 ...(2 byte(s) skipped) ]
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> SETKEYDESC Please+enter+the+passphrase+to+import+the+OpenPGP+secret+key:%0A%22curve448%22%0A448-bit+EDDSA+key,+ID+FDEA40DAF66E1FE0,%0Acreated+2022-11-30.%0A
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> IMPORT_KEY --timestamp=20221130T155501 --unattended
gpg: DBG: chan_4 <- INQUIRE KEYDATA
gpg: DBG: chan_4 -> [ 44 20 6c cf c1 8b 05 a7 e9 45 c8 97 52 f1 fb c3 ...(318 byte(s) skipped) ]
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- ERR 67108871 Bad secret key <GPG Agent>
gpg: key FDEA40DAF66E1FE0/FDEA40DAF66E1FE0: error sending to agent: Bad secret key
I was able to collect some more information from gpg-agent, but there is really not much logging in place:
gpg-agent[3460]: DBG: chan_9 <- IMPORT_KEY --timestamp=20221130T161644 --unattended
gpg-agent[3460]: DBG: chan_9 -> [[Confidential data not shown]]
gpg-agent[3460]: DBG: chan_9 <- [[Confidential data not shown]]
gpg-agent[3460]: DBG: chan_9 <- [[Confidential data not shown]]
gpg-agent[3460]: command 'IMPORT_KEY' failed: Bad secret key
gpg-agent[3460]: DBG: chan_9 -> ERR 67108871 Bad secret key <GPG Agent>
I assume this will be some issue with the new v5 key format for these keys, but I was not able to debug this further, so I hope somebody with a better overview of the gnupg/agent/openpgp specs will be able to pick up from here.
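
The numeric value in the `ERR 67108871` reply above packs the error source into bits 24-30 and the error code into the low 16 bits, following the libgpg-error layout. The following is an added example, not part of the original report or of GnuPG itself: it pairs each `ERR` reply in an Assuan debug log with the last command sent on that channel and decodes the value. The function names are hypothetical and the lookup tables are deliberately partial.

```python
import re

# Partial lookup tables (a few well-known libgpg-error values only).
SOURCES = {1: "gcrypt", 2: "GnuPG", 3: "GpgSM", 4: "GPG Agent", 5: "Pinentry"}
CODES = {7: "GPG_ERR_BAD_SECKEY", 11: "GPG_ERR_BAD_PASSPHRASE"}

CHAN_LINE = re.compile(r"DBG: (chan_\d+) (?:->|<-) (\S.*)")
ERR_LINE = re.compile(r"ERR (\d+)")
REPLIES = {"OK", "ERR", "INQUIRE", "END", "S", "D"}  # protocol replies, not commands

def decode_gpg_error(value):
    """Split a gpg-error value into (source, code): bits 24-30 and bits 0-15."""
    return (value >> 24) & 0x7F, value & 0xFFFF

def failed_commands(log_text):
    """Return one record per ERR reply, paired with the last command on that channel."""
    last_cmd, failures = {}, []
    for line in log_text.splitlines():
        m = CHAN_LINE.search(line)
        if not m:
            continue
        chan, payload = m.groups()
        err = ERR_LINE.match(payload)
        if err:
            source, code = decode_gpg_error(int(err.group(1)))
            failures.append({
                "channel": chan,
                "command": last_cmd.get(chan, "<unknown>"),
                "source": SOURCES.get(source, f"source {source}"),
                "code": CODES.get(code, f"code {code}"),
            })
        elif payload.split()[0] not in REPLIES and not payload.startswith("["):
            last_cmd[chan] = payload  # data blocks and replies never overwrite this
    return failures

# Lines taken from the gpg --debug-all output in the report above.
SAMPLE = """\
gpg: DBG: chan_4 -> KEYWRAP_KEY --import
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> IMPORT_KEY --timestamp=20221130T155501 --unattended
gpg: DBG: chan_4 <- INQUIRE KEYDATA
gpg: DBG: chan_4 -> [ 44 20 6c cf c1 8b 05 a7 e9 45 c8 97 52 f1 fb c3 ...(318 byte(s) skipped) ]
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- ERR 67108871 Bad secret key <GPG Agent>
"""

if __name__ == "__main__":
    for failure in failed_commands(SAMPLE):
        print(failure)
```

The same function works on the gpg-agent side of the log, where the arrows point the other way.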