On Wed, Nov 04, 2020 at 16:30:19 -0500, Eli Schwartz wrote:
Currently pacman assumes gpgme from >= the year 2010, is that sufficient to read ed25519? (idk, it's shelling out to gpg and thus likely doesn't care?) Maybe we should bump this anyway in the expectation that requiring a ~2015 version of gpgme will naturally lead to gpg versions that support generating such keys.
This change only affects new installations; existing ones will continue using their rsa2048 (or recently rsa4096) master keys until they re-run pacman-key --init.
This will also become the default in the next version of GnuPG.
I see such a commit on GnuPG's master branch but not on the stable branch. When do you expect this to be released...
Good question, I don't know. The point is that the trend is clearly towards EdDSA rather than larger RSA. And GnuPG (as well as OpenSSH etc.) need to be conservative, as they must be interoperable with other or older implementations; pacman doesn't even have that limitation.

Geert