You can also create a modern Curve25519 key using the Kleopatra GUI, which is much more accessible for normies. Needs to be a recent version though. The one provided by Gpg4Win supports it. On the Linux side though, gotta avoid distro repos as usual.

Discussion

Could you elaborate a little on avoiding distro repos?

I noticed when I just generated a new key that it took a bunch of extra setup (pinentry = "gtk2" and other stuff), and at the point of gathering randomness for entropy it seemed like it basically...didn't.

What should we look out for? (Thanks in advance!)

If you use Ubuntu or another distro based on it or Debian, the repos will serve up outdated versions of many apps including Kleopatra. If you look for Kleopatra builds direct from the project itself, they have recent builds, and these not only support Curve25519 but actually use it by default to generate new keys.

I use Kleopatra for most of my PGP stuff and never had a problem when using the current releases rather than the outdated repo packages.

I guess the package latency issue kind of goes away with NixOS, right?

"I use NixOS, BTW"

LOL

Ahhh. I'm not familiar with NixOS tbh. It looks like a really cool project and I'm aware of it, but haven't done a deep dive or properly tried it out yet. So can't really give any advice on how it manages packages, or if Kleopatra has compatibility issues with Nix for any reason.

What is so special about it? I wonder from time to time if I should switch over.

I think the usual answer is 'reproducible builds' -- you can basically set up your computer, its software, and all the software settings - with a single configuration.nix file. The hardware configuration is created at build time, so you can move to a different machine and have the exact same software all set up. If you're managing a bunch of boxes then you can push upgrades and fixes to them and they're all done. Imagine capturing all your software, and their configurations, in a git repository - did something break? Switch back to the last "version."

The other great benefit is that often, especially in FOSS/Linux scenarios, package dependencies get broken or are conflicting - e.g., Favorite Software A is dependent on release 1.2.1 of something but Favorite Software B is only compatible with release 1.3.4 of that same dependency. You can pin dependencies and avoid conflicts.

Others who are far more tech-savvy can correct or enhance the above, but that's my take on it. I'm a bit of a command-line geek, love to play with new software and learn more Linux tricks etc., so it's more of a hobby thing for me. You can install it and have a UI similar to GNOME, but the real benefit is building up your configuration and making use of that.

Aha okay thanks