Choice of ECC curve on usb token

Wiktor Kwapisiewicz wiktor at metacode.biz
Mon Jul 2 10:12:43 CEST 2018


Hi Damien,

> I was referring to the discussion around RSA vs. ECC in
> https://crypto.stackexchange.com/questions/60392/choice-of-ecc-curve-on-usb-token/60394#60394
> 
> I read several texts of people preferring RSA over ECC.

That's an excellent answer, thanks for posting this!

I've come up with the same exact answer when deciding on the key type 
for my primary key (I used RSA 4096).

As for subkeys: they can fortunately be rotated so you can use anything 
(ECC, and if it's broken, rotate the key, [0]; RSA 2048 if 4096 is too 
slow; just mind the key expiry dates).

There is one argument brought in favor of ECC in the context of OpenPGP - 
that you could share the primary public keys directly, instead of 
fingerprints, but that in my opinion protects only against the hash 
function being broken, as the primary public key cannot (usually) be 
used alone (one needs the subkeys and signatures).

Kind regards,
Wiktor

[0]: as a side note I haven't seen tamper-resistant devices with ECC, 
e.g. YubiKey supports NIST curves via the PIV applet but not the OpenPGP one :(

-- 
https://metacode.biz/@wiktor
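
Added example, not part of the message above: a sketch of the fingerprint-versus-key argument, showing that an OpenPGP v4 fingerprint is SHA-1 over the public-key packet (RFC 4880, section 12.2) and how small an ECC key packet is next to an RSA 4096 one. The key material is constructed filler rather than real keys, and Ed25519 (algorithm 22) is an assumed choice of curve; the message does not name one.

```python
import hashlib
import struct

CREATED = 1530518400  # constructed creation timestamp
ED25519_OID = bytes.fromhex("2B06010401DA470F01")  # 1.3.6.1.4.1.11591.15.1


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def key_packet_body(algo: int, material: bytes) -> bytes:
    """v4 public-key packet body: version, creation time, algorithm, key material."""
    return bytes([4]) + struct.pack(">I", CREATED) + bytes([algo]) + material


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()


def rsa4096_body() -> bytes:
    # Constructed 4096-bit number standing in for a modulus (not a valid key).
    n = (1 << 4095) | 1
    return key_packet_body(1, mpi(n) + mpi(65537))


def ed25519_body() -> bytes:
    # Constructed 32-byte point, stored with the 0x40 "native encoding" prefix.
    point = int.from_bytes(b"\x40" + bytes(range(32)), "big")
    return key_packet_body(22, bytes([len(ED25519_OID)]) + ED25519_OID + mpi(point))


if __name__ == "__main__":
    for name, body in (("RSA 4096", rsa4096_body()), ("Ed25519", ed25519_body())):
        print(f"{name}: packet body {len(body)} bytes, fingerprint "
              f"{v4_fingerprint(body)} (20 bytes)")
```

Either way the recipient still needs the subkeys and binding signatures, which is the limitation the message points out.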



