Email encryption: RSA or ED25519?

Hi Folks,

While setting up pgp encrypted email isn’t especially difficult, I find myself confuzzled at which algo to use.

For ssh I use ed25519

Traditionally for email rsa was the choice. Is that still the case? Or has ed25519 moved in?

sigh…I’ve been preaching to people about pgp email for so long I forgot to keep up with the latest.

Thanks

1 Like

Answering my own post…after another half hour googling…

I finally said “screw it” and just opened seahorse (the gnome gui keymanager - Apps/Seahorse - GNOME Wiki!) to create a keypair.

At least as of version 41 (I’m running Linux Mint 21) RSA was the only available option.

It’s not, I read somewhere that using Shor’s Algorithm you could break RSA as easily as if you had the private key.

1 Like

Pretty much. New OpenSSH release has ed25519 by default. So there is a transition going on leaving RSA for good.

But with so much stuff relying on RSA, I doubt RSA will vanish in the next 20 years. Legacy software is a thing.

2 Likes

I’ll have to play around with the cli then. As I said, gnome seahorse doesn’t go there for email keys.

As for using a service (Tutanota or Protonmail or similar) if the keys are not sitting on YOUR system it’s not your data.

As the saying goes, not your keys not your crypto…so it is with email or anything else.

I’m looking for something I can encrypt files with AND emails with. So if you can point to something better that can run locally, so I can send the public key to someone on the other end to decrypt I’m all ears.

1 Like

Speaking to gpg 2.2 which I have installed.

You can generate ed25519 keys with gpg --full-gen-key --expert.

The reason to go with RSA is better interoperability. My gpg release defaults to 3k RSA, as the project values that. Whether that’s important to you depends on who you’re emailing.
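The CLI route from the post above, as an added example that is not part of the original thread: it builds an ed25519 primary key plus the cv25519 encryption subkey that ed25519 needs (ed25519 only signs), then encrypts and decrypts a file. It uses the non-interactive quick commands rather than --full-gen-key --expert; it assumes GnuPG 2.1 or later, and the identity, sample text and empty passphrase are constructed for an unattended demo.

```shell
#!/bin/sh
# Added example (not from the thread): ed25519 primary key plus a cv25519
# encryption subkey in a throwaway keyring, then a file round trip.
set -eu

DEMO_UID='Demo User <demo@example.invalid>'   # constructed identity

# Demo only: empty passphrase so it runs unattended. Protect real keys.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

make_key() {
  # ed25519 only signs/certifies, so encryption needs a separate subkey.
  g --quick-generate-key "$DEMO_UID" ed25519 sign never >/dev/null
  fpr=$(g --with-colons --list-keys "$DEMO_UID" |
        awk -F: '$1 == "fpr" { print $10; exit }')
  g --quick-add-key "$fpr" cv25519 encr never >/dev/null
  printf '%s\n' "$fpr"
}

# OpenPGP algorithm ids of primary and subkey: 22 = EdDSA, 18 = ECDH.
key_algos() {
  g --with-colons --list-keys "$1" |
    awk -F: '$1 == "pub" || $1 == "sub" { printf "%s%s", s, $4; s = " " }
             END { print "" }'
}

# Encrypt a constructed sample file to the key, then decrypt it to stdout.
roundtrip() {
  printf 'constructed sample text\n' > "$GNUPGHOME/msg.txt"
  g --yes --armor --recipient "$1" --output "$GNUPGHOME/msg.txt.asc" \
    --encrypt "$GNUPGHOME/msg.txt"
  g --decrypt "$GNUPGHOME/msg.txt.asc"
}

if command -v gpg >/dev/null 2>&1; then
  GNUPGHOME=$(mktemp -d); export GNUPGHOME   # isolated from ~/.gnupg
  trap 'gpgconf --kill gpg-agent || true; rm -rf "$GNUPGHOME"' EXIT
  FPR=$(make_key)
  echo "fingerprint: $FPR"
  echo "algorithms:  $(key_algos "$FPR")"
  echo "decrypted:   $(roundtrip "$FPR")"
  g --armor --export "$FPR" | head -n 1      # public key you would share
else
  echo "gpg not found; install GnuPG 2.1 or later" >&2
fi
```

The other party imports the exported public key and encrypts to it; only the holder of the private key in the keyring can decrypt.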

cool. Thanks

Doesn’t Gnome’s Evolution email client do this? It’s been a while for me, but have been looking to return to POP3 email. Maybe Thunderbird?

Both evolution and thunderbird handle the email side of things. You don’t even need a plugin for that anymore in TB. Both read the gnome keyring.

On the file side of things (setting aside disk encrypt) the implication is that (from within Seahorse – and all the “techtubers” too) only the older rsa algos are available.

Ack (above) pointed out the CLI version. I just haven’t the time to play with it yet.

Side note: That would be nemo/[gui filemanager of choice] addin wouldn’t it? If you’re using a gui file manager just right click and encrypt would be an option. hmmm

I figured as much, I need to get back into one of the two, but not many people encrypt their emails. . .

I don’t think Nautilus would work like this, but I need to do some more work on it. Having a popup terminal within Nautilus would help that, or having it as a right-click menu option.

True, which is why I haven’t played with it in years. However, I’ve recently picked up a couple projects where it’s become useful.

Especially if I can get people to actually pay attention to privacy, etc. while I’m at it