Moving from RSA to Ed25519
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 8 23:29:52 CEST 2016

On Mon 2016-08-08 15:18:40 -0400, Dominik George wrote:
> I was thinking about moving from rsa4096 to ed25519.
>
> I really do not want to lose all the signatures on my key.
>
> What I could do is add the ed25519 signature and encryption keys to my
> existing rsa key as subkeys, but I guess this will not improve security
> because my RSA signature key could still be used.
>
> From my understanding it is not possible to expire the primary key and keep
> subkeys.

that is correct.

> Did I get something wrong? If not, what is the smoothest thing to do to
> migrate?

Now is not a good time to migrate, especially if you want to keep all of
your certifications intact. Many people do not have access to a version
of GnuPG that is capable of supporting elliptic curve crypto, even on
the public side (encrypting data, verifying signatures).

You'd be better off waiting to migrate unless you have a very specific
use case with a group of peers who you know will be able to use those
keys with you.

--dkg