Moving from RSA to Ed25519

Daniel Kahn Gillmor dkg at
Mon Aug 8 23:29:52 CEST 2016

On Mon 2016-08-08 15:18:40 -0400, Dominik George wrote:
> I was thinking about moving from rsa4096 to ed25519.
> I really do not want to lose all the signatures on my key.
> What I could do is add the ed25519 signature and encryption keys to my 
> existing rsa key as subkeys, but I guess this will not improve security 
> because my RSA signature key could still be used.
> From my understanding it is not possible to expire the primary key and keep 
> subkeys.

that is correct.

> Did I get something wrong? If not, what is the smoothest thing to do to 
> migrate?

Now is not a good time to migrate, especially if you want to keep all of
your certifications intact.  Many people do not have access to a version
of GnuPG that is capable of supporting elliptic curve crypto, even on
the public side (encrypting data, verifying signatures).

You'd be better off waiting to migrate unless you have a very specific
use case with a group of peers who you know will be able to use those
keys with you.


More information about the Gnupg-users mailing list