7.2. Selecting a Public Key Algorithm
You want to determine which public key algorithms you should support in your application.
RSA is a good all-around solution. There is also nothing wrong with using Diffie-Hellman for key exchange and DSA for digital signatures.
Elliptic curve cryptography can provide the same levels of security with much smaller key sizes and with faster algorithms, but this type of cryptography is not yet in widespread use.
Be sure to see the general recommendations for using public key cryptography in Recipe 7.1.
Security-wise, there’s no real reason to choose any one of the common algorithms over the others. There are also no intellectual property restrictions on any of these algorithms (though there may be on some elliptic curve variants). RSA definitely sees the most widespread use.
RSA private key operations can be made much faster than operations in other algorithms, which is a major reason it’s preferred in many circumstances. Public key operations across RSA and the two other major algorithms (Diffie-Hellman and DSA) tend to be about the same speed.
When signing messages, RSA tends to be about the same speed or perhaps a bit slower than DSA, but it is about 10 times faster for verification, if implemented properly. RSA is generally much preferable for key establishment, because some protocols can minimize server load better if they’re based on RSA.
Elliptic curve cryptography is appealing in terms of efficiency, but there ...