RSA in OpenPGP.
The original PGP algorithm. Still universally supported, still secure at 3072 bits or higher, but no longer the modern default. Most new OpenPGP keys are Ed25519 + Curve25519 because they're smaller and faster, but RSA remains the right answer in specific legacy and interop scenarios.
RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem based on the difficulty of factoring large integers. In OpenPGP it has historically been the dominant algorithm for both signing and encryption, with 2048-bit, 3072-bit, and 4096-bit key sizes commonly seen.
What it is.
RSA was published in 1977 and became the workhorse of public-key cryptography for decades. An RSA key is a pair: the public key consists of a modulus (n) and an exponent (e), where n is the product of two large primes; the private key is everything needed to invert operations done with the public key. Security relies on the practical difficulty of factoring n back into its prime factors.
In OpenPGP, RSA can be used for both signing and encryption. A key labeled rsa3072 or rsa4096 in a key listing is using RSA at that bit length. Modern OpenPGP supports RSA keys up to 4096 bits routinely; some implementations handle larger.
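The modulus and exponent described above are stored in an OpenPGP public-key packet as two length-prefixed integers (MPIs). The following is an added example, not part of the original page: it parses a version 4 RSA public-key packet body as laid out in RFC 4880 and checks the modulus against the 3072-bit floor this page gives. The names `parse_rsa_public_key` and `build_body` and the placeholder moduli are constructed for illustration.

```python
import struct

RSA_ALGOS = {1: "RSA (encrypt or sign)", 2: "RSA encrypt-only", 3: "RSA sign-only"}
MIN_RSA_BITS = 3072  # the size this page gives as still secure

def read_mpi(buf, off):
    """Read one OpenPGP MPI: 2-byte big-endian bit count, then the integer."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    nbytes = (bits + 7) // 8
    raw = buf[off + 2 : off + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated MPI body")
    value = int.from_bytes(raw, "big")
    if value.bit_length() != bits:  # strict: declared bit count must be exact
        raise ValueError("MPI bit count does not match value")
    return value, off + 2 + nbytes

def parse_rsa_public_key(body):
    """Parse a v4 public-key packet body; return n, e and a size verdict."""
    if len(body) < 6:
        raise ValueError("packet body too short")
    version, created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4:
        raise ValueError(f"unsupported key version {version}")
    if algo not in RSA_ALGOS:
        raise ValueError(f"algorithm {algo} is not RSA")
    n, off = read_mpi(body, 6)    # modulus n comes first
    e, off = read_mpi(body, off)  # then public exponent e
    if off != len(body):
        raise ValueError("trailing bytes after RSA MPIs")
    return {"algo": RSA_ALGOS[algo], "created": created, "n": n, "e": e,
            "label": f"rsa{n.bit_length()}", "meets_minimum": n.bit_length() >= MIN_RSA_BITS}

def build_body(n, e, algo=1, created=0):
    """Helper for the demo: serialize constructed values into packet-body form."""
    def mpi(x):
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return struct.pack(">BIB", 4, created, algo) + mpi(n) + mpi(e)

if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        fake_n = (1 << (bits - 1)) | 1  # constructed placeholder, not a product of two primes
        info = parse_rsa_public_key(build_body(fake_n, 65537))
        print(info["label"], "e =", info["e"], "meets 3072-bit minimum:", info["meets_minimum"])
```

The bit length of n is what a key listing reports as rsa3072 or rsa4096, so the same check can flag undersized keys when auditing a keyring.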
When to use it (and when not to).
Use Ed25519 + Curve25519 (the modern default) when:
- You're generating a new key in 2026 with no legacy constraint.
- You want smaller keys, faster generation, faster signing/verifying.
- Your contacts use modern OpenPGP tools (GnuPG 2.1+, GPG Suite, OpenKeychain, PGPony — all support ECC).
Use RSA when:
- You need to interop with a specific legacy system that doesn't accept ECC keys (some older corporate or embedded tools).
- You're migrating from an older PGP setup where everything is already RSA, and the cost of moving outweighs the benefit.
- You have an explicit cryptographic policy that mandates RSA (rare; mostly in certain regulated environments).
At sizes commonly used today (3072+ bits), RSA remains secure against known attacks. The practical disadvantages are operational — larger fingerprints, slower generation, larger signatures — not cryptographic.