Advice for key format with Nitrokey Pro 2 (signing, authentication)

To: debian-devel@lists.debian.org
Subject: Advice for key format with Nitrokey Pro 2 (signing, authentication)
From: Alberto Luaces <aluaces@udc.es>
Date: Thu, 30 Apr 2020 11:31:48 +0200
Message-id: <[🔎] 87sggltj3v.fsf@eps142.cdf.udc.es>

Hello, I'm seeking advice from those of you that are using a Nitrokey
Pro 2 device when developing for Debian.  My signing and authentication
keys are expired, and instead of renewing them, I'm thinking of creating
new ones:

So far they are ECC nistp, because the Pro 2 only supports nistp and
brainpoolp types.

1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
that rules out the ECC types provided by the Pro 2, but I wonder if I
should go for RSA4096 or if something smaller could be faster on the
hardware while still being decently secure (RSA3072, for example?).

2. Signing: does Debian commands like dsign or even the archive system
prevent using certain key types or they are ok as long as gpg creates
the signature?

Thanks!

-- 
Alberto

Reply to:

Prev by Date: Re: Salsa update: no more "-guest" and more
Next by Date: Bug#959169: ITP: ruby-jekyll-polyglot -- Localization plugin for Jekyll websites
Previous by thread: Re: Bug#927047 closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (Bug#959102: Removed package(s) from unstable)
Next by thread: Bug#959169: ITP: ruby-jekyll-polyglot -- Localization plugin for Jekyll websites
Index(es):
- Date
- Thread