An overview of the current state of GnuPG for e-mail encryption and signing:

TL;DR: Use ECC-based keys (Ed25519, Curve25519) as they are the future-default of GPG, smaller and faster than RSA, and Curve25519 is widely used by many different projects. If you use modern E2EE instant messengers for personal communication, there is likely no need to switch to GPG.


I don't understand how can you recommend Ed25519, Curve25519 against RSA for emails encryption when it is weaker than RSA against Quantum computer.

Could you please explain me why?


It is likely that every kind of encryption scheme we use can be broken in future (including RSA). However, at the moment, we don't have any quantum computers that can break Curve25519 or other strong ECC-based ciphers. Before this changes, GPG (and other tools) has to provide new post-quantum crypto. Then, we also have to change recommendations.

Besides, this is also true for TLS. Breaking the key exchange (e.g., ECDHE) likely breaks forward security.


I disagree with you. ECC-based ciphers and RSA are not at the same level against quantum computer.

From the read I did, the key length matter and a 4096 RSA bits key required a stronger quantum computer than a 256-512 ECC bits key.

That is why I think RSA with a key of 4096 bits is more future proof than ECC 256 bits for GPG.

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse. Note: This instance will shut down on February 29th, 2020.