SSH and GPG: Best Key Generation Options in 2025?
from some_boring_username@lemm.ee to linux@lemmy.ml on 13 Jan 05:34
https://lemm.ee/post/52476929

Hi everybody,

I am a bit out of the loop as far as cryptography algorithms and recommended key sizes are concerned. I have been using the same ssh and gpg keys for a long time.

However, I need to generate a few new keys (both ssh and gpg) that should meet high security standards (private use, but paranoid) and was wondering what options are the most common and recommended ones you are using today?

Thanks a lot to everybody in advance!

#linux


harsh3466@lemmy.ml on 13 Jan 05:51

Short answer is ed25519, which is the new default key encryption in OpenSSH. Here’s an explainer that helped me.
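To make the "just use ed25519" advice concrete, here is an added worked example that is not from harsh3466 or anyone else in the thread. It generates an Ed25519 key the way a cautious private user would (passphrase-protected, with a raised KDF round count) and then checks what was produced. It assumes OpenSSH's ssh-keygen is installed; the directory, file name, comment and passphrase are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: generate a hardened Ed25519 SSH key
# and check what was produced. Assumes OpenSSH's ssh-keygen is installed.
# Directory, file name, comment and passphrase are placeholders.
set -eu

# gen_ed25519_key DIR NAME PASSPHRASE COMMENT
# Writes DIR/NAME (private) and DIR/NAME.pub. -a 100 raises the bcrypt KDF
# rounds that protect the on-disk private key against passphrase guessing;
# Ed25519 keys are always stored in the modern OpenSSH format, so -o is not
# needed, and the key size is fixed, so there is no -b to choose.
# An empty PASSPHRASE stores the key unencrypted; avoid that for a laptop key.
gen_ed25519_key() {
    ssh-keygen -q -t ed25519 -a 100 -C "$4" -N "$3" -f "$1/$2"
    chmod 600 "$1/$2"
}

# key_type PUBKEY_FILE -> the key type ssh-keygen reports, e.g. ED25519.
# ssh-keygen -l prints: "256 SHA256:<fingerprint> <comment> (ED25519)"
key_type() {
    ssh-keygen -l -f "$1" | sed -n 's/.*(\([A-Z0-9-]*\))$/\1/p'
}

# key_bits PUBKEY_FILE -> the key size ssh-keygen reports (256 for Ed25519)
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# private_matches_public DIR NAME PASSPHRASE
# Decrypts the private key with PASSPHRASE, derives its public half and
# compares it with the stored .pub. Returns 0 on match, 1 on mismatch or on a
# wrong passphrase. Worth running before retiring an old key or after
# restoring a backup, so you know the pair you keep actually works.
private_matches_public() {
    derived=$(ssh-keygen -y -P "$3" -f "$1/$2" 2>/dev/null | awk '{print $1 " " $2}')
    stored=$(awk '{print $1 " " $2}' "$1/$2.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Demo when run with KEYGEN_DEMO=1: generate into a temp directory and report.
if [ "${KEYGEN_DEMO:-0}" = 1 ]; then
    tmp=$(mktemp -d)
    gen_ed25519_key "$tmp" id_ed25519 'correct horse battery staple' 'me@laptop'
    echo "type=$(key_type "$tmp/id_ed25519.pub") bits=$(key_bits "$tmp/id_ed25519.pub")"
    private_matches_public "$tmp" id_ed25519 'correct horse battery staple' && echo 'key pair is consistent'
    rm -rf "$tmp"
fi
```

Run it with `KEYGEN_DEMO=1 sh keygen.sh`; for a real key drop the demo block and point `-f` at `~/.ssh/id_ed25519`. The `-a 100` choice only slows down offline guessing of the passphrase if the private key file is stolen; it does nothing for the key's own strength, which for Ed25519 is fixed.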

some_boring_username@lemm.ee on 13 Jan 06:26

Thanks! Cool video, I like her style. (Will look into the specifics of ed25519 out of interest when I have time… So, most probably not and I’ll just use it ;-D)

some_boring_username@lemm.ee on 13 Jan 14:06

For GPG it is the same?

mlaga97@lemmy.mlaga97.space on 13 Jan 15:14

RSA4096 has a bit of an edge over ed25519, both in effective key size and in support by things like YubiKeys and other HSMs, that is beneficial for GPG but not really helpful for SSH.

some_boring_username@lemm.ee on 13 Jan 16:02

Ah, that’s a good point, thanks!

JubilantJaguar@lemmy.world on 13 Jan 14:57

The correct answer to this question should be "Whatever is the current default".

If we have to ask and answer such questions as this (I’m unconvinced), then something is really wrong.

mlaga97@lemmy.mlaga97.space on 13 Jan 15:10

For SSH it is generally best to use ed25519; for GPG, RSA4096 is better supported by HSMs and slightly more secure for longer-lived keys like root keys.

tla@lemmy.world on 13 Jan 21:09

Others have provided the answer but if you want to explore system wide crypto policies check out update-crypto-policies

deadcatbounce@reddthat.com on 13 Jan 22:21

Don’t understand. Check it out where?

tla@lemmy.world on 16 Jan 22:23

From a terminal window: man update-crypto-policies or just search for an explanation in your browser.

deadcatbounce@reddthat.com on 18 Jan 05:46

Ah. I didn’t imply the ‘man’ in there.

Thank you.