Choice of ECC curve on usb token

Damien Cassou damien at cassou.me
Fri Jun 29 09:36:39 CEST 2018


Hi,

I would like to get a usb token to secure my keys. My use case is
protection of 3 GnuPG keys that I will be using 10 times per day at
least. I plan to create a new key ring from scratch. Because ECC seems
more future-oriented than RSA, this is what I chose to use. I'm
wondering which usb token to choose as well as which curve.

On https://www.gnupg.org/(it)/faq/whats-new-in-2.1.html 2 it is said
that many people think NIST and Brainpool have a doubtful origin
therefore they recommend the non-standardized Bernstein’s Curve
25519. On
https://support.nitrokey.com/t/choice-of-curves-on-the-storage-2/1192/3,
the author says that (1) he is not aware of profound critic on Brainpool
curves and (2) Bernstein’s Curve 25519 is hard to protect against side
channel attacks when being implemented in embedded devices.

As a result, I'm a bit lost in what key/curve to choose.

-- 
Damien Cassou
http://damiencassou.seasidehosting.st

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill



More information about the Gnupg-users mailing list