Feedback and Inquiry: Exploring RSA and ed25519 Support in Passbolt

Dear Passbolt Community,

I hope you’re all doing well! I wanted to reach out with a question that’s been on my mind.

I’m a big fan of Passbolt and would love to use the password manager to organize my digital identities. However, I’ve noticed that Passbolt currently only supports RSA for authentication and not ed25519, which I would prefer to use.

In addition to this concern, I’ve been thinking about the security implications of RSA. Despite its widespread use, there are ongoing discussions about potential vulnerabilities and the long-term security of this encryption algorithm.

I’m curious to know how relevant these topics are for the Passbolt community. Do you consider it important which cryptographic methods Passbolt employs, and is there interest in adding support for ed25519? I’m also interested in hearing your thoughts on the potential security concerns surrounding RSA and how you perceive them.

I’m looking forward to hearing your opinions, advice, and perhaps explanations regarding Passbolt’s security and cryptographic methods.

Best regards

1 Like

Hi @vulinux :wave:

Passbolt has supported ECC (ed25519 is an ECC implementation) since version 3.6.0.

While creating your Passbolt account, you can set your own GPG key, which can use the ed25519 algorithm.

I wrote a memo on my personal blog about this: GPG Memo for passbolt | Linux and DevOps Stuff !

Basically, you can use this command to create your key:

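mkdir -p -m 700 gpg-tmp
gpg --homedir gpg-tmp --batch --no-tty --gen-key <<EOF
    # Primary key: EdDSA on ed25519, used for signing and certification
    Key-Type: eddsa
    Key-Curve: ed25519
    Key-Usage: sign,cert
    # Encryption subkey: ECDH on cv25519
    Subkey-Type: ecdh
    Subkey-Curve: cv25519
    Subkey-Usage: encrypt
    Name-Real: John Doe
    # Placeholder address; replace with your own
    Name-Email: john.doe@example.com
    Expire-Date: 0
    Passphrase: a-strong-passphrase
EOF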

Of course, set your correct name, email and passphrase. :slight_smile:

If you are interested in Passbolt security, you can read the Passbolt Security White Paper:
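
Separately from the reply above, an added example (not part of the original posts) for confirming that a generated key really is an ed25519 primary key with a cv25519 encryption subkey rather than RSA, by reading GnuPG's machine-readable listing. The function name `key_profile` and both sample listings are constructed for illustration, and the check assumes the keyring holds a single key.

```shell
#!/bin/sh
# Classify `gpg --with-colons --list-keys` output read on stdin.
# Colon-format fields used: 1 = record type, 2 = validity, 4 = OpenPGP
# public-key algorithm id (1 = RSA, 18 = ECDH, 22 = EdDSA),
# 12 = capabilities, 17 = curve name.
key_profile() {
    awk -F: '
        # Ignore revoked (r) or expired (e) keys and subkeys.
        $2 == "r" || $2 == "e" { next }
        $1 == "pub"            { pub_algo = $4; pub_curve = $17 }
        # Only a subkey carrying the "e" capability can encrypt.
        $1 == "sub" && $12 ~ /e/ { sub_algo = $4; sub_curve = $17 }
        END {
            ok = (pub_algo == 22 && pub_curve == "ed25519" &&
                  sub_algo == 18 && sub_curve == "cv25519")
            if (ok) {
                print "ed25519+cv25519"
            } else {
                printf "other: primary algo=%s curve=%s; encryption subkey algo=%s curve=%s\n",
                       pub_algo, pub_curve, sub_algo, sub_curve
            }
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample listings (key ids, dates and hashes are made up).
SAMPLE_ED25519='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::::ed25519:::0:
uid:u::::1700000000::CONSTRUCTEDHASH::John Doe <john.doe@example.com>::::::::::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::::cv25519::'

SAMPLE_RSA='pub:u:4096:1:CCCCCCCCCCCCCCCC:1700000000:::u:::scESC::::::23::0:
uid:u::::1700000000::CONSTRUCTEDHASH::John Doe <john.doe@example.com>::::::::::0:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1700000000::::::e::::::23:'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_ED25519" | key_profile || true
printf '%s\n' "$SAMPLE_RSA"     | key_profile || true

# Against the temporary keyring created by the command above:
#   gpg --homedir gpg-tmp --with-colons --list-keys | key_profile
```

The function exits with status 0 only for the ed25519 and cv25519 combination, so it can gate a script that exports the key for upload.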