It dawned on me that after we switched direction on passphrase generation, we should have refactored so that instead of requiring an RSA private key in ~/.ssh/id_rsa and reading that key for use as the signing key in the GPG key file, we should have just created a new Ed25519 signing key pair and used that.
Refactor to do this. Figure out how to handle existing files (key files and encrypted files) that don't match the new scheme.
It dawned on me that after we switched direction on passphrase generation, we should have refactored so that instead of requiring an RSA private key in ~/.ssh/id_rsa and reading that key for use as the signing key in the GPG key file, we should have just created a new Ed25519 signing key pair and used that.
Refactor to do this. Figure out how to handle existing files (key files and encrypted files) that don't match the new scheme.