Pretty much, RSA is your only reasonable, reliable & compatible option in OpenSSH


  • DSA is deprecated in OpenSSH 7.0
  • ECDSA is not supported by GNOME Keyring.
  • Ed25519 is not supported by GNOME Keyring.


Via SSH Keys, in Arch Linux Wiki



  • As of July 10, 2015, GNOME Keyring does not handle ECDSA[4] and Ed25519[5] keys. Users will have to turn to other SSH agents or stick to RSA keys.
  • These keys are used only to authenticate you; choosing stronger keys will not increase CPU load when transferring data over SSH.


Via How to save an SSH key passphrase in gnome-keyring? in Stack Exchange for Unix & Linux

cd $HOME/.ssh
/usr/lib/seahorse/seahorse-ssh-askpass my_key


In Arch Linux Wiki


NaCl : Networking and Cryptography library

  • Pronounced “salt”
  • Stands for “Networking and Cryptography Library”
  • Is in the public domain
  • Aspires to be patent clean; has not received any claims of patent infringement.


Authors’ release

Forks & Additions



  • Daniel J. Bernstein (University of Illinois at Chicago)
  • Tanja Lange (Technische Universiteit Eindhoven)
  • Peter Schwabe (Academia Sinica)



  • Niels Duif (Technische Universiteit Eindhoven)
  • Emilia Käsper (Google, ex-Katholieke Universiteit Leuven)
  • Adam Langley (Google)Matthew Dempsky (Google, ex-Mochi Media)
  • Sean Lynch (Facebook)
  • Jan Mojzis
  • Bo-Yin Yang (Academia Sinica)


  • Curve25519
  • Salsa20
  • Poly1305


  • SUPERCOP => System for Unified Performance Evaluation Related to Cryptographic Operations and Primitives, an API
  • eBACS => ECRYPT Benchmarking of Cryptographic Systems
  • eSTREAM => the ECRYPT Stream Cipher Project


  • IEEE P1363
  • NIST P-256
  • NIST “Suite B”
    • twist security
    • Montgomery representation
    • Edwards representation
  • AES
    • AES-GCM
  • Curve25519
    • Ed25519
  • Diffie-Hellman
    • ECDH
  • DNS
    • DNSCrypt
    • DNSCurve
    • DNSSEC
  • DSA
    • ECDSA
    • EdDSA
  • ElGamal
  • HMAC
  • OpenSSL
  • PKCS
    • PKCS#1
  • Poly1305
    • Poly1305-AES
    • RIPEMD-160
  • RSA
    • RSA-1024
    • RSA-2048
    • RSA-SHA1
    • RSA-SHA256
  • Schnorr
  • TCP
    • CurveCP
  • TLS (SSL)
    • DTLS
    • GnuTLS


Daniel J. Bernstein, Tanja Lange, Peter Schwabe; The security impact of a new cryptographic library; In Proceedings of LatinCrypt 2012; 2012-07-25; 18 pages.


This paper introduces a new cryptographic library, NaCl, and explains how the design and implementation of the library avoid various types of cryptographic disasters su ffered by previous cryptographic libraries such as OpenSSL. Specifi cally, this paper analyzes the security impact of the following NaCl features: no data flow from secrets to load addresses; no data flow from secrets to branch conditions; no padding oracles; centralizing randomness; avoiding unnecessary randomness; extremely high speed; and cryptographic primitives chosen conservatively in light of the cryptanalytic literature.


Via: backfill