On Wed, Jul 29, 2009 at 05:14:04PM +0200, Jan Suhr wrote:

> For my understanding GnuPG is standard-conformant and creates a "DSA
> primary key (1024 bits - not "DSA2") with an Elgamal subkey per
> default."
> It was discussed in May to change this standard to 2048-bit RSA key:
> http://www.imc.org/ietf-openpgp/mail-archive/msg33227.html

> I am planning to create some new keys which will be used for the next
> couple of years. Therefore I am wondering if it is a good idea to
> create 2048-bit RSA keys already although it is not standard (yet).

Yes, it is. RSA keys are marginally safer, and in my view of the world, DSA keys were introduced in the OpenPGP world (GnuPG and PGP and friends) only / mostly for historical reasons that don't apply anymore, namely that RSA was patented and DSA/DH/ElGamal was not (the patent had expired). The patent for RSA has now been expired for a few years (since 2003) and has actually been released prior to expiration back in 2000. RSA keys are in very wide use nowadays.

> So potentially it could cause incompatibility issues.

Only people using rather old versions of GnuPG or PGP (from 1997-2000) will have any trouble with RSA keys. If they use GnuPG, they can install a plug-in that will enable RSA for them. I don't know if a similar option is available for PGP.

> Do you have further information about the coming standard key type?
> Are there any other obstacles or implications to consider and what
> is your advice?

For a key to be used only for a couple of years, it may not be worth the bother, but you can make it a bit stronger by following the directions in

http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
http://www.debian-administration.org/users/dkg/weblog/48

The difference in security between not following these directions and following them may very well be irrelevant for you, because the weakest link in your security may be elsewhere (e.g. penetration of your computer or home).

-- 
Lionel

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
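
Added example, not part of the original message: a small audit of `gpg --list-keys --with-colons` output that reports each primary key and subkey's algorithm and size and flags RSA, DSA or Elgamal keys shorter than 2048 bits, such as the 1024-bit DSA primary key of the old default. The sample listing, the key IDs in it and the 2048-bit threshold (taken from the figure discussed in the thread) are assumptions made for the example.

```python
# Added example: audit `gpg --list-keys --with-colons` output by key type/size.
# Algorithm IDs are the OpenPGP (RFC 4880) public-key algorithm numbers.
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}
MIN_BITS = 2048  # assumption: threshold taken from the thread's 2048-bit figure

# Constructed sample listing (key IDs, dates and names are made up).
SAMPLE = """\
tru::1:1248880000:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAAA:1104537600:::u:::scESC:
uid:u::::1104537600::0000::Old Key <old@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1104537600::::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1248825600:::u:::scESC:
uid:u::::1248825600::0000::New Key <new@example.org>:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1248825600::::::e:
"""

def audit(listing):
    """Return one dict per pub/sub record: record type, key ID, algo, bits."""
    results = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Field 1 = record type, 3 = key length, 4 = algorithm, 5 = key ID.
        if fields[0] not in ("pub", "sub") or len(fields) < 5:
            continue
        try:
            bits, algo_id = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed record: skip instead of guessing
        results.append({
            "record": fields[0],
            "keyid": fields[4],
            "algo": ALGOS.get(algo_id, "algo-%d" % algo_id),
            "bits": bits,
            # The size rule is only applied to the algorithms listed in ALGOS.
            "short": algo_id in ALGOS and bits < MIN_BITS,
        })
    return results

def short_keys(listing):
    """Key IDs of all primary keys/subkeys below MIN_BITS."""
    return [r["keyid"] for r in audit(listing) if r["short"]]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        flag = "BELOW %d BITS" % MIN_BITS if r["short"] else "ok"
        print("%s %s %s-%d: %s" % (r["record"], r["keyid"], r["algo"], r["bits"], flag))
```

To audit a real keyring, pass the captured output of `gpg --list-keys --with-colons` to `audit()` in place of `SAMPLE`.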