
Encryption

PKI

GnuPG

Sane settings for GnuPG (Updated 2023-05-09):

* EdDSA ed25519
* ECDH cv25519

Security Keys

Common brands:

* Yubikey
* NitroKey
* SoloKey v2

Yubikey

Quite a good article on using GPG with a Yubikey: https://www.andreagrandi.it/2017/09/30/configuring-offline-gnupg-masterkey-subkeys-on-yubikey/

The setup basically works like this:

* Create master key: Authentication
* Create revocation certificate to revoke
* Create encryption subkey
* Create authentication subkey
* Create signing subkey

Extend GPG key validity:

* Imported my master key with `gpg --import master.key`, because this one was deleted
* Extended the expiration date of my subkeys with `gpg --edit-key`, then use the `expire` option
* Remove master key: `gpg --delete-secret-key MYKEYID`
* Restart gpg-agent

See this article: https://www.osso.nl/blog/pgp-on-yubikey-refresh-expiry/
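To know when the expiry refresh above is due, the following added example (not from this page or the linked articles) parses `gpg --list-keys --with-colons` output and reports keys and subkeys that expire within a warning window. The function name `expiring_keys` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list keys/subkeys whose expiry falls inside a warning window,
# reading `gpg --list-keys --with-colons` output on stdin.
# Colon-format fields used: 1 = record type, 5 = key ID,
# 7 = expiry (epoch seconds, empty = never expires), 12 = capabilities.

# expiring_keys NOW_EPOCH WINDOW_DAYS  < colon-listing
# Prints "TYPE KEYID CAPS DAYS_LEFT" for each matching key.
# DAYS_LEFT is truncated toward zero; zero or negative means the key
# expires today or has already expired.
expiring_keys() {
    awk -F: -v now="$1" -v window="$2" '
        ($1 == "pub" || $1 == "sub") && $7 != "" {
            days = int(($7 - now) / 86400)
            if (days <= window)
                printf "%s %s %s %d\n", $1, $5, $12, days
        }'
}

# Constructed sample listing: key IDs, user ID and dates are made up.
# Primary key without expiry, signing and encryption subkeys expiring
# 2024-01-01, authentication subkey expiring 2025-01-01 (all UTC).
SAMPLE_LISTING='pub:u:255:22:AAAAAAAAAAAAAAAA:1672531200:::u:::cSEA:::::ed25519:::0:
uid:u::::1672531200::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:255:22:BBBBBBBBBBBBBBBB:1672531200:1704067200:::::s:::::ed25519::
sub:u:255:18:CCCCCCCCCCCCCCCC:1672531200:1704067200:::::e:::::cv25519::
sub:u:255:22:DDDDDDDDDDDDDDDD:1672531200:1735689600:::::a:::::ed25519::'

# Real use (MYKEYID as on this page), warning 30 days ahead:
#   gpg --list-keys --with-colons MYKEYID | expiring_keys "$(date +%s)" 30
```

Any subkey it reports is a candidate for the import, `expire`, delete-secret-key sequence listed above.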

FIDO Authentication

Authentication on Fedora Linux: https://fedoramagazine.org/use-fido-u2f-security-keys-with-fedora-linux/#more-38200