On Jul 29, 2009, at 11:14 AM, Jan Suhr wrote:
> For my understanding GnuPG is standard conform and creates a "DSA
> primary key (1024 bits - not "DSA2") with an Elgamal subkey per
> default."
>
> It was discussed in May to change this standard to 2048-bit RSA key:
> http://www.imc.org/ietf-openpgp/mail-archive/msg33227.html
>
> I am planning to create some new keys which will be used for the next
> couple of years. Therefore I am wondering if it is a good idea to create
> 2048-bit RSA keys already although it is not standard (yet). So
> potentially it could cause incompatibility issues. I suppose most of the
> correspondents (>90%) use GnuPG and thus should not have any problems
> with the keys.
>
> Do you have further information about the coming standard key type? Are
> there any other obstacles or implications to consider and what is your
> advice?

There is nothing particularly special about the change. RSA keys are
part of the OpenPGP standard just as DSA is. The difference is that
DSA is a required part of the standard, and RSA is optional. The
reasons behind this are at least partly historical, and no longer
apply. Nevertheless, RSA is still optional.

So yes, it is true that there could be an OpenPGP implementation out
there that does not support RSA. In practice, however, I'd be very
surprised if you had any problems. Even more so since you say that
over 90% of your correspondents use GnuPG. Personally, I've used an
RSA key since 2002 and have never had even a single instance of
someone not being able to use my key because their OpenPGP program
didn't implement RSA.

In short, I wouldn't worry about it. Use either DSA or RSA, and you
should be fine.

David