
My boss wants to sign our binary. I need to tell him how he can create the signing key.

Most if not all sites I have seen about signing binaries say "use gpg".

OK, so gpg by default uses 2048-bit keys. Their FAQ https://www.gnupg.org/faq/gnupg-faq.html#sec-11-4 has several arguments why 3072 or even 4096 does not offer higher security but "costs a lot" (I assume they refer to computing resources).

Does this still apply in 2020? Can I safely recommend to my boss to use a 2048-bit key size?

What puzzles me even more though, is that on their FAQ they say:

Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384. Every minute we spend arguing about whether we should change the defaults to RSA-3072 or more is one minute the shift to ECC is delayed. Frankly, we think ECC is a really good idea and we’d like to see it deployed as soon as humanly possible.

Is it possible to use ECC for signing binaries? Are there any tutorials for that? Or is the current state of the art still to use gpg with a 2048-bit key size?

transient_loop

1 Answer

Does this still apply in 2020? Can I safely recommend to my boss to use a 2048-bit key size?

This would be, to a certain extent, a matter of opinion and as such likely not suitable for discussion on Stack Exchange. For any practical purposes one should be safe with 2048-bit RSA for years to come. However, the cost of using 4096-bit RSA won't be practically noticeable when used for signing binaries.

ECC seems to offer more strength with smaller keys as well as faster computation for both signing and verification. Bitcoin employs ECDSA with 256-bit keys, for example.

Is it possible to use ECC for signing binaries? Are there any tutorials for that?

Currently, at least as of GPG v2.1, it is possible to create ECC key pairs in GPG. To check the version of GPG on your system and list the available algorithms, you can run gpg2 --version. If you can see ECDSA or EDDSA, you can also generate ECC key pairs using gpg2 --full-gen-key --expert and selecting the appropriate algorithm. As to the differences between the two, see this question.

For compatibility with older systems you should stick with RSA. If unsure about the key size, IMHO just pick the largest as you won't notice the difference. For ECC I would at least recommend waiting for the RFCs to be published, see: https://wiki.gnupg.org/ECC. This opens up a whole lot of new questions though; with ECC there's some mistrust in curves like the NIST ones, with no rationale behind some of the chosen parameters. GnuPG plans on using Curve25519 by default, and although SSH requires support for NIST curves, it prefers Curve25519 or its close variant, Ed25519, when possible. – Thomas Guyot-Sionnest Jul 08 '21 at 04:28
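An end-to-end version of what the answer and the comment above describe, as an added example that is not part of the original question, answer or comment: it runs the gpg --version check for EDDSA, creates a sign-only Ed25519 key non-interactively (the batch equivalent of gpg2 --full-gen-key --expert), writes a detached signature next to the binary, verifies it through gpg's machine-readable status output, and shows that a binary with one extra byte is rejected. It assumes gpg and gpgconf (GnuPG 2.1 or later) are on PATH; the user id, the throw-away GNUPGHOME and the empty passphrase are choices made for the demo, not recommendations for a real release key.

```shell
#!/bin/sh
# Added example, not code from the original post: create an Ed25519 OpenPGP
# signing key with GnuPG (2.1 or later), produce a detached signature for a
# release binary, verify it, and confirm that a modified binary is rejected.
# Assumptions: `gpg` and `gpgconf` are on PATH; the user id below is made up.
set -eu

# Work in a throw-away keyring so the demo never touches your real one.
# mktemp -d creates the directory with mode 0700, which gpg requires.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Constructed identity for the demo key; a real release key would carry the
# vendor's identity and be protected by a passphrase or a hardware token.
SIGNER="Release Signing (demo) <release@example.com>"

# The answer's check: EDDSA in `gpg --version` means Ed25519 keys are available.
check_gpg_supports_eddsa() {
    gpg --version | grep -qi 'EDDSA'
}

# Create a sign-only Ed25519 key valid for one year, non-interactively,
# and print the 40-hex-digit fingerprint of the new key.
make_signing_key() {
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$SIGNER" ed25519 sign 1y >/dev/null
    gpg --batch --with-colons --list-secret-keys "$SIGNER" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Detached, ASCII-armoured signature written to <binary>.asc; the binary
# itself stays byte-for-byte unchanged, so users verify exactly what they run.
sign_binary() {  # $1 = key fingerprint, $2 = path to binary
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        --local-user "$1" --armor --detach-sign --output "$2.asc" "$2"
}

# Returns 0 only when gpg reports GOODSIG on its machine-readable status
# channel; a pipeline should check this line, not the human-readable text.
verify_binary() {  # $1 = path to binary, expects $1.asc beside it
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null \
        | grep -q '^\[GNUPG:\] GOODSIG '
}

main() {
    bin="$1"
    check_gpg_supports_eddsa || { echo "this gpg lacks EdDSA; use GnuPG 2.1+" >&2; return 1; }
    fpr="$(make_signing_key)"
    echo "signing key fingerprint: $fpr"
    sign_binary "$fpr" "$bin"
    verify_binary "$bin"
    echo "good signature on $bin"

    # Tamper check: one extra byte must turn GOODSIG into BADSIG.
    cp "$bin" "$bin.tampered"
    printf 'X' >> "$bin.tampered"
    cp "$bin.asc" "$bin.tampered.asc"
    if verify_binary "$bin.tampered"; then
        echo "BUG: tampered binary verified" >&2
        return 1
    fi
    echo "tampered copy rejected"
}

# Usage: sh sign_release.sh ./myapp   (the functions can also be sourced)
if [ "$#" -eq 0 ]; then
    echo "usage: $0 <binary-to-sign>" >&2
else
    main "$@"
fi
```

The detached signature is the form most release pipelines use: the artefact is distributed unchanged alongside a small .asc file, and consumers run gpg --verify with the vendor's public key. Checking the GOODSIG status line rather than gpg's exit code alone also catches the case where the signature is valid but made by a key that is not the expected one, because the line carries the signing key id.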