gchq/CyberChef

Bug report: ECC keys from "Generate PGP Key Pair" operation are invalid

Open

#2267 opened on Mar 21, 2026

View on GitHub
 (0 comments) (0 reactions) (1 assignee)JavaScript (34,843 stars) (3,944 forks)batch import
bughelp wanted

Description

Describe the bug ECC keys generated by the Generate PGP Key Pair operation are invalid because algorithm and curve type have not been set.

This results in PGP Encrypt operations using such a key failing with an obscure internal kbpgp message as per #1440, #1923.

To Reproduce See #1440 for example

Expected behaviour Key should have subkeys for signing/certification and encryption. See https://github.com/zapu/kbpgp/blob/4f61781c93798c0527f250332f50c47b73e878ca/test/files/cv25519.iced#L239-L249 for a reference example.

Additional context Long term it would probably be better to replace the kbpgp library with a more frequently updated/modern library such as openpgp.js

Contributor guide

Tech stack
javascript
Domain
securityfrontend
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
blocked
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PGP key generation basicskbpgp library
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
First, examine the Generate PGP Key Pair operation in CyberChef's source code. Look at how key generation parameters are passed to kbpgp. The test file at https://github.com/zapu/kbpgp/blob/4f61781c93798c0527f250332f50c47b73e878ca/test/files/cv25519.iced#L239 L249 shows the correct way to set algorithm and curve. Identify where in the current code the algorithm and curve are missing and add them.