| ▲ | anta40 5 days ago | |
I'm curious. What's the advantage of using signify/minisign instead of good old PGP/GPG? | ||
| ▲ | some_furry 5 days ago | parent [-] | |
PGP/GPG is a complicated mess designed in the 1990's and only incrementally updated to add more complexity and cover more use-cases, most of which you'll never need. Part of PGP/GPG is supporting a large swath of algorithms (from DSA to RSA to ECDSA to EdDSA to whatever post-quantum abomination they'll cook up next). Signify/Minisign is Ed25519. Boring, simple, fit-for-purpose. You can write an implementation of Minisign in most languages with little effort. I did in PHP years ago. https://github.com/soatok/minisign-php Complexity is the enemy of security. | ||