pull down to refresh
10 sats \ 2 replies \ @ZezzebbulTheMysterious 13 May \ parent \ on: GitHub - eddieoz/openxrypt: Secure Direct Messaging for Social Media privacy
The problem is that openpgp has a massive footprint and supports many legacy key formats. It is from a time of “cryptoagility”, which is an anti goal today. You don’t want to be using RSA keys in 2024.
have a look at saltpack
I recommend using ECC 25519 in README because of RSA's massive and slow keys.
It is secure, fast, and widely used today.
GPG is not 'anti-goal'. It is about security and anti-surveillance.
reply
You misunderstand me — “cryptoagility” is an anti-goal today. OpenPGP was designed for “cryptoagility”, so it runs against modern cryptographic engineering principals. This is yet another reason why OpenPGP is bad.
I agree curve25519/ed25519 is what you want to use, that’s why I recommended a modern cryptography library like NaCl and Saltpack for encoding. Not OpenPGP.
It’s not enough to not recommend RSA, a good cryptosystem doesn’t support bad algorithms.
Really you shouldn’t recommend anything, because users have no clue. You simply abstract sensible params for the user.
reply