[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Advice for key format with Nitrokey Pro 2 (signing, authentication)

Hello, I'm seeking advice from those of you that are using a Nitrokey
Pro 2 device when developing for Debian.  My signing and authentication
keys are expired, and instead of renewing them, I'm thinking of creating
new ones:

So far they are ECC nistp, because the Pro 2 only supports nistp and
brainpoolp types.

1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
that rules out the ECC types provided by the Pro 2, but I wonder if I
should go for RSA4096 or if something smaller could be faster on the
hardware while still being decently secure (RSA3072, for example?).

2. Signing: does Debian commands like dsign or even the archive system
prevent using certain key types or they are ok as long as gpg creates
the signature?



Reply to: