Re: Advice for key format with Nitrokey Pro 2 (signing, authentication)
Marco d'Itri writes:
> On Apr 30, Alberto Luaces <aluaces@udc.es> wrote:
>
>> 1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH —
>> that rules out the ECC types provided by the Pro 2, but I wonder if I
>> should go for RSA4096 or if something smaller could be faster on the
>> hardware while still being decently secure (RSA3072, for example?).
> For SSH (i.e. not a very long term secret) even RSA 2048 is more than
> enough.
> Do not waste your time with cargo cult security.
>
>> 2. Signing: does Debian commands like dsign or even the archive system
>> prevent using certain key types or they are ok as long as gpg creates
>> the signature?
> Everything should work, as long as they are using a recent enough
> version of gnupg.
Thanks, Marco. Indeed, the tip about RSA2048 for the SSH key will save
me time.
--
Alberto
Reply to: