[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)

Marco d'Itri writes:

> On Apr 30, Alberto Luaces <aluaces@udc.es> wrote:
>> 1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
>> that rules out the ECC types provided by the Pro 2, but I wonder if I
>> should go for RSA4096 or if something smaller could be faster on the
>> hardware while still being decently secure (RSA3072, for example?).
> For SSH (i.e. not a very long term secret) even RSA 2048 is more than 
> enough.
> Do not waste your time with cargo cult security.
>> 2. Signing: does Debian commands like dsign or even the archive system
>> prevent using certain key types or they are ok as long as gpg creates
>> the signature?
> Everything should work, as long as they are using a recent enough 
> version of gnupg.

Thanks, Marco.  Indeed, the tip about RSA2048 for the SSH key will save
me time.


Reply to: