Marcus Meissner of openSUSE announced that the openSUSE Linux RPM and repository signing keys are switching to a stronger 4096-bit RSA key to provide better security for users.
The new RSA keys will be applied to the Tumbleweed rolling release, as well as the openSUSE Leap, openSUSE Backports and SLE (SUSE Linux Enterprise) repositories.
For openSUSE Tumbleweed, the new 4096-bit RSA key will be used starting with this week’s snapshot. This means that if users update the Tumbleweed repository regularly, they will automatically be upgraded to the new RSA key, which will be imported into the RPM keyring.
According to Marcus Meissner, this switch is necessary to meet current security recommendations. 4096-bit keys are considerably stronger than 2048-bit keys. However, 4096-bit keys consume a lot of CPU resources during handshaking.
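To see which keys an RPM keyring currently trusts and whether each meets the 4096-bit RSA size, the following added example (not from openSUSE or the original article) classifies keys from GnuPG's colon-format listing. The function names, the key IDs and the sample records are constructed for illustration, and `audit_rpm_keyring` assumes `rpm` plus a GnuPG version that supports `--show-keys`.

```shell
#!/bin/sh
# Added example: flag RSA signing keys shorter than a minimum size.

# classify_keys [min_bits]
# Reads `gpg --with-colons` records on stdin and prints one line per primary
# key: "<keyid> <algorithm> <bits> <verdict>". In a "pub" record, field 3 is
# the key length, field 4 the algorithm id (1 = RSA), field 5 the key ID.
classify_keys() {
    awk -F: -v min="${1:-4096}" '
        $1 == "pub" {
            algo = ($4 == 1) ? "RSA" : ("algo" $4)
            if ($4 != 1)             verdict = "not-rsa"
            else if ($3 + 0 >= min)  verdict = "ok"
            else                     verdict = "weak"
            printf "%s %s %s %s\n", $5, algo, $3, verdict
        }'
}

# audit_rpm_keyring [min_bits]
# Imported keys appear as gpg-pubkey pseudo-packages; `rpm -qi` prints the
# ASCII-armored key, which gpg parses without touching any keyring.
audit_rpm_keyring() {
    pkgs=$(rpm -q gpg-pubkey 2>/dev/null) || return 1   # no keys imported
    for pkg in $pkgs; do
        rpm -qi "$pkg" | gpg --show-keys --with-colons 2>/dev/null
    done | classify_keys "$@"
}

# sample_records: constructed colon-format records (placeholder key IDs, not
# real openSUSE keys) so the classifier can be exercised offline.
sample_records() {
    cat <<'EOF'
pub:-:2048:1:0000000000000001:1262304000:::-:::scSC:
uid:-::::1262304000::::Constructed 2048-bit key <old@example.invalid>:
pub:-:4096:1:0000000000000002:1672531200:::-:::scSC:
uid:-::::1672531200::::Constructed 4096-bit key <new@example.invalid>:
pub:-:255:22:0000000000000003:1672531200:::-:::scSC:
EOF
}
```

On an openSUSE system, running `audit_rpm_keyring` after an update shows whether a 4096-bit key has been imported and which 2048-bit keys are still trusted.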
The GPG fingerprint of the new 4096-bit key is as follows.
Meissner said that openSUSE Leap will switch to the new RSA key sometime in 2023, but did not provide a specific time frame. It is therefore highly recommended to always keep the system and its installed patches up to date.