I already have an existing PGP key (RSA/4096) for my email address and was just wondering if there is any benefit of using the key that Delta Chat generates versus importing my existing private key.
The FAQ mentions that topic, but doesn’t explain what to prefer.
Is the key that Delta Chat generates less secure?
I have successfully imported my existing PGP key into Delta Chat, but now I am unable to export a private key generated by Delta Chat for use with K-9 Mail, although that email client is Autocrypt capable.
So I sent the Autocrypt Setup Message from Delta Chat and opened that email in K-9 Mail, which by itself did not do anything. Clicking on the shown email attachment named autocrypt-setup-message.html led to an error message (“Decrypt - Encountered an error reading input data!”).
I also tried with exporting the private key from Delta Chat, imported it in OpenKeychain (which is what K-9 Mail is utilizing), could see and check it there, but after that K-9 Mail was not able to recognize it as key for the used email address.
Is it possible that the key generated by Delta Chat is not usable by an (Autocrypt enabled) email application like K-9 Mail?
What else could the problem be?
Never mind, I decided to start fresh with using a dedicated email account and sticking to the key that Delta Chat generated. Since I don’t feel the need to make use of that key in an email client that way, I didn’t try again importing the new key into K-9 Mail again.
I have nevertheless exported the key for having a backup, and looking into that file I have to say that the key data is really short in comparison to my RSA/4096 key.
Any idea how the key that Delta Chat generates compares to a regular RSA/4096 key security-wise?
Delta Chat generates a Curve25519 key, which is a more modern kind of key than RSA, which gives you the same level of security, while the keys are much shorter; search the internet for Curve25519 if you are interested in more details.
If someone can decrypt your conversations, then because they get hold of your phone, or install malware on it, or do a man-in-the-middle-attack (use verified groups if you want to avoid the latter; in some releases we will rename them to “protected chats” and promote them a bit more).
Or because they finally built a “capable” quantum computer, which most probably won’t be in the next decades, though.
Very well, thanks for the clarification, this is really great then. Not that my situation would require high security, but I was slightly concerned that it may be less secure with such a short key.
I have already added a verified group for internal purposes, which is another great feature.