Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)

To: debian-devel@lists.debian.org
Subject: Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
From: Alberto Luaces <aluaces@udc.es>
Date: Fri, 01 May 2020 11:59:07 +0200
Message-id: <[🔎] 87o8r8t1qs.fsf@eps142.cdf.udc.es>
References: <87sggltj3v.fsf@eps142.cdf.udc.es> <[🔎] 20200501000502.GA1554446@bongo.bofh.it>

Marco d'Itri writes:

> On Apr 30, Alberto Luaces <aluaces@udc.es> wrote:
>
>> 1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
>> that rules out the ECC types provided by the Pro 2, but I wonder if I
>> should go for RSA4096 or if something smaller could be faster on the
>> hardware while still being decently secure (RSA3072, for example?).
> For SSH (i.e. not a very long term secret) even RSA 2048 is more than 
> enough.
> Do not waste your time with cargo cult security.
>
>> 2. Signing: does Debian commands like dsign or even the archive system
>> prevent using certain key types or they are ok as long as gpg creates
>> the signature?
> Everything should work, as long as they are using a recent enough 
> version of gnupg.

Thanks, Marco.  Indeed, the tip about RSA2048 for the SSH key will save
me time.

-- 
Alberto

Reply to:

References:
- Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
  - From: Marco d'Itri <md@Linux.IT>

Prev by Date: Work-needing packages report for May 1, 2020
Next by Date: Re: Bug#944713: www.debian.org: Developer Locations map empty
Previous by thread: Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
Next by thread: Work-needing packages report for May 1, 2020
Index(es):
- Date
- Thread