On 2020-11-04 21:53, Geert Hendrickx via pacman-dev wrote:
Larger RSA keys are not the way forward, switch to ed25519 instead. This will also become the default in the next version of GnuPG. [...] -Key-Type: RSA -Key-Length: 4096 +Key-Type: EDDSA +Key-Curve: ed25519
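Review bot: the hunk replaces `Key-Length: 4096` with `Key-Curve: ed25519` rather than keeping both, which is the right shape for a GnuPG unattended-generation parameter file (for `Key-Type: EDDSA` the curve fixes the key size, and a leftover `Key-Length` line would be meaningless); the one thing to confirm before merging is that the same parameter file has no `Subkey-Type`/`Subkey-Length` lines still naming RSA, since the quoted fragment shows only the primary-key lines and EdDSA keys are signature-only, so the change is sound precisely because this is a signing key.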
I will note that the strength of Ed25519 is estimated to be roughly comparable to RSA 3027 [1], so the currently chosen RSA 4096 is actually a slightly stronger algorithm.

I am not saying that this is an argument against using Ed25519, which I believe offers ample security for the foreseeable future, but to be honest, I do not see a pressing need to switch either: One main benefit of elliptic curves is the much smaller key size, but that is not important for a locally-generated signing key that by design will never be shared with anyone else. On the other hand, Ed25519 is still not formally included in the OpenPGP specification [2]. (Again, this is not necessarily an argument against its internal use in pacman, since it only needs to be processable by GnuPG.)

However, given the above facts, personally I would feel more comfortable holding back this change for now, at least until GnuPG has actually made the switch to Ed25519 as its default algorithm.

Best,
Jonas

[1] https://ed25519.cr.yp.to/
[2] https://tools.ietf.org/html/rfc4880