// glossary / ed25519

Ed25519.

A modern elliptic-curve signature algorithm — small keys, fast signing, strong security margin, and now the default for new OpenPGP keys generated by current tools. If you're starting fresh in 2026, Ed25519 (paired with Curve25519 for encryption) is what you want.

// definition

Ed25519 is a digital signature scheme based on EdDSA over the Edwards form of Curve25519. In OpenPGP it's used as a signing algorithm — your key signs messages with Ed25519, others verify the signatures with the same algorithm against your public key.

What it is.

Ed25519 belongs to the family of elliptic-curve cryptography (ECC). Instead of working with very large integers (as RSA does), elliptic-curve schemes work with points on a specific mathematical curve — Curve25519 in this case, in its Edwards form. The signing scheme on top of it is EdDSA, and the specific parameter set is Ed25519.

For OpenPGP, Ed25519 was standardized in RFC 8032 (the signature scheme itself) and integrated into OpenPGP via RFC 4880bis / RFC 9580. Modern OpenPGP tools — GnuPG 2.1+, GPG Suite, OpenKeychain, PGPony — generate Ed25519 keys by default for new identities.

Why it matters.

Practical advantages over RSA:

Smaller keys. 256 bits of Ed25519 public-key material is comparable in security to 3072+ bits of RSA. Smaller fingerprints, smaller key files, less bandwidth on every operation.
Faster operations. Signing and verifying Ed25519 is dramatically faster than RSA of equivalent strength. Generation is near-instantaneous (sub-second) where RSA-4096 takes seconds.
Deterministic signatures. Ed25519 signatures don't depend on a random nonce per signature (unlike DSA / ECDSA), eliminating an entire class of catastrophic-implementation bugs.
Strong security margin. Resistant to most known classes of side-channel attacks when implemented properly.

Reasons to pick RSA instead: explicit interop with a legacy system that doesn't support ECC. For practical purposes today, every current OpenPGP tool supports Ed25519, so this constraint is rare.

// gpg key listing

pub ed25519 2026-01-15 [SC] AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444 uid [ultimate] You <you@example.com> sub cv25519 2026-01-15 [E] ← Curve25519 encryption subkey sub ed25519 2026-01-15 [S] ← Ed25519 signing subkey

Ed25519 + Curve25519 (also called cv25519 / X25519) is the standard pairing — Ed25519 for signatures, Curve25519 for encryption.

// in PGPony The Generate Key screen offers Ed25519+Cv25519 as the recommended algorithm. PGPony's implementation uses iOS CryptoKit (which provides hardware-accelerated Ed25519 where the device supports it) and Bouncy Castle on Android.

Related terms

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store Get it on Google Play