The only way to access the Curve25519 curve in GPG is through gpg --expert --full-gen-key.

From my knowledge, Curve25519 is one of the most secure (and fast) elliptic curves in cryptography. So why is RSA fine, but Curve25519 is considered a risk only experts should take?

apaderno
Richard R. Matthews

3 Answers

The risk mainly resides in compatibility.

See, not all GPG users/systems are updated to the latest version. If you look at the GPG changelogs, you'll notice ECC was first introduced to GPG with version 2.1 in 2015:

  • Support for Elliptic Curve Cryptography (ECC) is now available.

None of the pre v2.1 versions of GPG support ECC, which is something that can and most probably will cause several annoyances and interoperability issues — hence the "expert" toggle which can be interpreted as "herewith I confirm that I know what I'm doing and that I'm aware of related compatibility problems that may come within it".

Note that this is only an annoyance for the time being; things will surely brighten up as time goes by and more users/systems adopt newer GPG versions by updating.

Also note the related dependencies and — last but not least — the OpenPGP specification "draft" status, which additionally influence adoption speed:

Encryption ECDH — RFC7748: Curve25519

OpenPGP specification: RFC4880bis draft

Dependencies:

  • libgcrypt >= 1.7.0

  • Gnuk >= 1.2.0

(Source: https://wiki.gnupg.org/ECC)

e-sushi
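The compatibility thresholds quoted in this answer (GnuPG 2.1 for ECC support, libgcrypt 1.7.0 as a dependency) can be turned into a preflight check. The script below is an added example, not code from the answer or from the GnuPG project: it parses the text printed by `gpg --version` and reports whether that build can be expected to generate cv25519/ed25519 keys. The two sample `gpg --version` outputs embedded in it are constructed for illustration, and the check that the `Pubkey:` line lists `ECDH` is an extra assumption about the `--version` output format rather than something the answer states.

```shell
#!/bin/sh
# Added example (not from the original answer): decide from `gpg --version`
# output whether a GnuPG build meets the ECC thresholds quoted above
# (GnuPG >= 2.1, libgcrypt >= 1.7.0).

# version_ge A B: succeed (exit 0) when dotted version A >= B.
# Pure awk, so it does not depend on GNU `sort -V`.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0;   # missing components count as 0
            q = (i <= nb) ? y[i] + 0 : 0;
            if (p > q) exit 0;
            if (p < q) exit 1;
        }
        exit 0;
    }'
}

# gpg_supports_ecc: reads `gpg --version` text on stdin.
# Exit 0 = ECC keys can be generated, 1 = too old, 2 = could not parse.
gpg_supports_ecc() {
    out=$(cat)
    # First line looks like "gpg (GnuPG) 2.2.27"; the version is field 3.
    gpg_ver=$(printf '%s\n' "$out" | awk '/^gpg \(GnuPG[^)]*\) [0-9]/ { print $3; exit }')
    # GnuPG 2.x prints the libgcrypt it is linked against; 1.4 has no such line.
    gcry_ver=$(printf '%s\n' "$out" | awk '/^libgcrypt [0-9]/ { print $2; exit }')

    [ -n "$gpg_ver" ] || return 2
    version_ge "$gpg_ver" "2.1" || return 1
    [ -n "$gcry_ver" ] || return 1
    version_ge "$gcry_ver" "1.7.0" || return 1

    # Assumption: if a "Pubkey:" algorithm line is present it must list ECDH,
    # the algorithm cv25519 encryption keys use.
    if printf '%s\n' "$out" | grep -q '^Pubkey:'; then
        printf '%s\n' "$out" | grep '^Pubkey:' | grep -q 'ECDH' || return 1
    fi
    return 0
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_NEW='gpg (GnuPG) 2.2.27
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA'

SAMPLE_OLD='gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA'

# Stand-alone usage: check the gpg actually installed on this machine, if any.
if command -v gpg >/dev/null 2>&1; then
    if gpg --version | gpg_supports_ecc; then
        echo "this gpg can generate Curve25519 (cv25519/ed25519) keys"
    else
        echo "this gpg is too old for Curve25519 keys; expect interoperability issues"
    fi
fi
```

Run it as `gpg --version | gpg_supports_ecc` on each machine (or correspondent) you need to exchange messages with; a non-zero exit is the signal that a cv25519 key will not be usable there and an RSA key is the safer choice for that relationship.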

Support for what GnuPG calls cv25519 public-key encryption keys, and for ed25519 public-key signature keys, is neither standardized nor widespread, so you're likely to hit compatibility issues with anyone else using OpenPGP.

Squeamish Ossifrage

FYI: I noticed in my Proton Mail account that my keys use ECC (Curve25519). So, a simple way to use this encryption method is with a fellow Proton Mail user.