On Fri, May 03, 2019 at 15:44:26 +0200, Werner Koch wrote: > Use ECC keys with Yubikeys or use a Gnuk based token like the original > Gnuk token or one from another venodor like Nitrokey. I use a GnuK > token with an ed25519 signing key to sign my commits. IMHO, token based > 4k RSA keys are too slow for regular work.
FWIW I use a 4096 bit RSA key on a Nitrokey Pro (a model that's a couple years old) and the total time of PIN entry + signing averages ~5s. While it is certainly a noticeable delay, I don't find it burdensome for operations like signing mail and commits, and I'll sign sometimes dozens of times per day, with forced pinentry. I'm not suggesting that RSA be used instead of ECC; my token just doesn't support it. But newer Nitrokeys do. I'll likely switch eventually. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users