[pacman-dev] [PATCH] pacman-key: change signing key to ed25519
Geert Hendrickx
geert at hendrickx.be
Wed Nov 4 20:53:18 UTC 2020
Larger RSA keys are not the way forward, switch to ed25519 instead.
This will also become the default in the next version of GnuPG.
Signed-off-by: Geert Hendrickx <geert at hendrickx.be>
---
scripts/pacman-key.sh.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ccfd1b96..fd9d3793 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -147,8 +147,8 @@ generate_master_key() {
# Generate the master key, which will be in both pubring and secring
"${GPG_PACMAN[@]}" --gen-key --batch <<EOF
%echo Generating pacman keyring master key...
-Key-Type: RSA
-Key-Length: 4096
+Key-Type: EDDSA
+Key-Curve: ed25519
Key-Usage: sign
Name-Real: Pacman Keyring Master Key
Name-Email: pacman at localhost
--
2.29.2
More information about the pacman-dev
mailing list