Revised NIST Guidance for ECC Curves for GPG Encryption Keys | by Teri Radichel | Cloud Security | November 2023

esteria.white

Ensure that you configure encryption algorithms correctly using security standards

I had to review my GPG key today and wanted to make sure I’m using the correct configuration. I wrote in a previous article how to configure a key for GPG to encrypt documents in emails showing the use of an RSA key, but I mentioned that some had said that RSA was not the best choice. An ECC (Elliptic Curve Cryptography) key would be preferable.

After this post, some researchers announced a new vulnerability involving SSH and RSA encryption.

I explained how to use ECC on AWS instead of RSA. AWS only gives you one choice when you configure your ECC key for encryption use. I’ve also written about some ways to handle SSH algorithm selection.

However, when using ECC, there are actually different curves and ways to configure it. Because I’m not an expert in cryptography, which means I don’t study the underlying math all day long (some people think they’re experts when they’re not), I generally rely on the advice of others when selecting and implementing cryptography. But what expert advice should you use?

NIST (National Institute of Standards and Technology) sets standards for the US government. Many security leaders (at least in the United States) follow their advice.

Different types of encryption algorithms serve different purposes. NIST provides guidance for all algorithms here:
