Choice of ECC curve on usb token
Wiktor Kwapisiewicz
wiktor at metacode.biz
Mon Jul 2 10:12:43 CEST 2018
Hi Damien,

> I was referring to the discussion around RSA vs. ECC in
> https://crypto.stackexchange.com/questions/60392/choice-of-ecc-curve-on-usb-token/60394#60394
>
> I read several texts of people preferring RSA over ECC.

That's an excellent answer, thanks for posting this!

I came up with the same exact answer when deciding on the key type
for my primary key (I used RSA 4096).

As for subkeys: they can fortunately be rotated so you can use anything
(ECC, and if it's broken, rotate the key [0]; RSA 2048 if 4096 is too
slow; just mind the key expiry dates).

There is one argument brought in favor of ECC in the context of OpenPGP -
that you could share the primary public keys directly, instead of
fingerprints, but that in my opinion protects only against the hash
function being broken, as the primary public key cannot (usually) be
used alone (one needs the subkeys and signatures).

Kind regards,
Wiktor

[0]: as a side note, I haven't seen tamper-resistant devices with ECC,
e.g. YubiKey supports NIST curves via the PIV applet but not the OpenPGP one :(
--
https://metacode.biz/@wiktor