Hello, I'm seeking advice from those of you that are using a Nitrokey Pro 2 device when developing for Debian. My signing and authentication keys are expired, and instead of renewing them, I'm thinking of creating new ones:
So far they are ECC nistp, because the Pro 2 only supports nistp and brainpoolp types. 1. Authentication: salsa.debian.org only admits RSA or ed25519 for SSH — that rules out the ECC types provided by the Pro 2, but I wonder if I should go for RSA4096 or if something smaller could be faster on the hardware while still being decently secure (RSA3072, for example?). 2. Signing: does Debian commands like dsign or even the archive system prevent using certain key types or they are ok as long as gpg creates the signature? Thanks! -- Alberto
