Use future-default ?

[dd9jn]

Given that GnuPG 2.2 (or 2.1.18) is anyway suggested, what about using creating ed25519+cv25519 keys? This is not yet the default because GnuPG 2.2 is not yet widely enough deployed. However for this use-case I consider it very useful to use them - the signatures are smaller and signing is much faster with appopriate tokens. ssh can also use and ed25519 key.

I do all my commits for a long time now using an ed22519 key and it is not even noticable using the gnuk token (which is the upstram version of the Nitrokey). A 4k RSA key on a token will introduce a quite noticable delay.

A drawback is that most tokens don't support these key algorithms. A middle ground would be to use an 4k RSA primary key (and take that one offline) and to use an ed25519 signature key.

[mricon]

Yeah, I literally wrote that part of the guide several times over, and I'm still only about 51% convinced that leaving it as "all RSA" for now makes sense. There are two reasons:

1. People who are most likely to read this guide may get confused when you give them too many choices -- especially if some of these choices don't work with specific hardware. So I'm trying to give a solution that is likely to work in the majority of cases.
2. I recommend Yubikey-4 devices in the guide because they implement both smartcard and u2f features. Annoyingly, Nitrokey Pro doesn't do u2f, and the only common device that does ed25519 keys is the Nitrokey Start (because it's basically Gnuk).

So, just for these two reasons I'm sticking with "RSA only for now" for this iteration of the guide. If the next edition of Nitrokey Pro supports both u2f and ECC keys, then I will happily redact that part to what you suggest.

[dd9jn]

1. People who are most likely to read this guide may get confused when you give them too many choices -- especially if some of these choices don't work with specific hardware. So I'm trying to give a solution that is likely to work in the majority of cases.

That make sense.

2. I recommend Yubikey-4 devices in the guide because they implement both smartcard and u2f features. Annoyingly, Nitrokey Pro doesn't do u2f, and the only common device that does ed25519 keys is the Nitrokey Start (because it's basically Gnuk).

There is a lot of progress in the token domain; so things may look different in a year. I see the reason for u2f and it would be interesting to see whether we can implement this in gnuk as well. While I am at it. The TOFU implementation is still pretty new and has not seen a lot of real life tests. But someone needs to start using it so that we can fix the bugs. Thanks for writing this guide Salam-Shalom, Werner

…

-- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

[5bentz]

Last July, I created an ed25519 PGP pubkey, thinking it should be widely adopted as future-default.
Sadly, since Android-Password-Store (https://github.com/zeapo/Android-Password-Store) does not support ed25519 yet, I am now considering moving back from ed25519 to RSA :/

So, as far as I'm concerned, I would still recommend RSA despite its drawbacks!

Thanks for this very useful guide
5bentz

[tmzullinger]

I think this can be closed now? In bc0503d (Update the code integrity guide for 2021, 2021-05-13), the recommendation for subkeys was changed to an ECC algorithm. The certification key is still RSA,