Should guide be updated to use ECC rather than RSA? #270

Closed
sunknudsen opened this issue Jul 15, 2021 · 3 comments

@sunknudsen
Contributor

This is likely an opinionated question…

Asking because I would love to get the community’s feedback on using ECC vs RSA in the context of provisioning YubiKeys.

YubiKey released firmware 5.2.3 in August of 2019, which added support for elliptic curves.

From GnuPG FAQ:

> Will GnuPG ever support RSA-3072 or RSA-4096 by default?
>
> Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384. Every minute we spend arguing about whether we should change the defaults to RSA-3072 or more is one minute the shift to ECC is delayed. Frankly, we think ECC is a really good idea and we’d like to see it deployed as soon as humanly possible.

Running gpg --full-generate-key on macOS:

$ gpg --full-generate-key
gpg (GnuPG) 2.3.1; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection?

Should guide be updated to use ECC rather than RSA?

@AlekSi

AlekSi commented Jul 26, 2021

I switched to using ECC / Curve 25519 using the key-attr command and everything seems to work.

@drduh
Owner

drduh commented Aug 15, 2021

If someone wants to send a PR documenting that EC ciphers work, please be our guest. Otherwise, I don't see a reason to change yet.

@PhilipMay
Contributor

> If someone wants to send a PR documenting that EC ciphers work, please be our guest. Otherwise, I don't see a reason to change yet.

The PR is here: #362
