Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
From: Marco d'Itri <md@Linux.IT>
Date: Fri, 1 May 2020 02:05:02 +0200
Message-id: <[🔎] 20200501000502.GA1554446@bongo.bofh.it>
In-reply-to: <87sggltj3v.fsf@eps142.cdf.udc.es>
References: <87sggltj3v.fsf@eps142.cdf.udc.es>

On Apr 30, Alberto Luaces <aluaces@udc.es> wrote:

> 1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
> that rules out the ECC types provided by the Pro 2, but I wonder if I
> should go for RSA4096 or if something smaller could be faster on the
> hardware while still being decently secure (RSA3072, for example?).
For SSH (i.e. not a very long term secret) even RSA 2048 is more than 
enough.
Do not waste your time with cargo cult security.

> 2. Signing: does Debian commands like dsign or even the archive system
> prevent using certain key types or they are ok as long as gpg creates
> the signature?
Everything should work, as long as they are using a recent enough 
version of gnupg.

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
  - From: Alberto Luaces <aluaces@udc.es>

Next by Date: Work-needing packages report for May 1, 2020
Next by thread: Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
Index(es):
- Date
- Thread