by sbrass 2284 days ago
Thanks for the great post! However, I discourage the usage of RSA with 4096 bits as it does not offer any substantial security over RSA with 2048 bits. The main idea behind the "No-4096-bit" is nicely explained by GnuPG people themselves, https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa40....

Therefore, wouldn't it be more efficient to use elliptic curve cryptography, i.e. ED25519, if you want that extra bit of security? It's included in GnuPG since version 2.1.0 released in November 2014 - at least in an experimental state.


As suggested by the [release notes](https://gnupg.org/faq/whats-new-in-2.1.html#ecc), not many PGP implementations support ECC.
I would have agreed then, in 2014, maybe, one or two years later, completely with GnuPG's statement on ECC support. I cannot state whether any of the other open-source and free projects on encryption have advanced to ECC; however, I would expect most of them have so far. Independent of the ECC support in programs other than GnuPG, I think to advance to the newest, but stable and well-tested, security measures (ECC), would be a good idea and will pay off in the future? I expect, of course, to advance to the newest stable versions will, at some point, introduce regressions with older versions (or platforms). But I think that is a price we should be willing to pay.
> not many PGP implementations support ECC

What other PGP implementations are relevant to interoperate with in 2020? Who still uses PGP, but doesn't use GPG? And why?

Then you can't verify it unless you upgrade, but I think it's an acceptable price that those pay who run older versions.
Also, GitHub doesn't support it. The website just crashes with "An unknown error has occured" when you try to upload an ECC key for gpg.
GitHub definitely supports it. I've been using an Ed25519 key for about a year now.
Are you sure you're talking about GPG and not SSH?

I just tried again and it did not work.