[pacman-dev] [PATCH] pacman-key: change signing key to ed25519

Geert Hendrickx geert at hendrickx.be
Wed Nov 4 20:53:18 UTC 2020

Larger RSA keys are not the way forward, switch to ed25519 instead.
This will also become the default in the next version of GnuPG.

Signed-off-by: Geert Hendrickx <geert at hendrickx.be>
 scripts/pacman-key.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ccfd1b96..fd9d3793 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -147,8 +147,8 @@ generate_master_key() {
 	# Generate the master key, which will be in both pubring and secring
 	"${GPG_PACMAN[@]}" --gen-key --batch <<EOF
 %echo Generating pacman keyring master key...
-Key-Type: RSA
-Key-Length: 4096
+Key-Type: EDDSA
+Key-Curve: ed25519
 Key-Usage: sign
 Name-Real: Pacman Keyring Master Key
 Name-Email: pacman at localhost

More information about the pacman-dev mailing list