On Thursday 09 December 2010 07:14:53 Ben McGinnes wrote: > Hello, > I am giving very serious thought to creating new keys and > doing a (long-term) transition to them. This is partly to respond to > known flaws with SHA-1 and take advantage of SHA-256 and higher. > > There is currently a push to move away from SHA-1 usage by the end of > 2010, although it will almost certainly take longer than that. There > is a discussion of some of the issues involved here. > > http://www.debian-administration.org/users/dkg/weblog/48 > Hi Ben,
I had a similar situation: I started to use a CryptoStick, which can only handel RSA keys. After some discussions [1], I revoked the ElGamal and have now only one encryption key in my keyring. Sven [1] http://lists.gnupg.org/pipermail/gnupg-users/2010-November/039828.html > At the moment I am planning on using an RSA signing key, but I have > not made my final decision on the encryption subkeys. I am leaning > towards Elgamal, but that's by no means certain. > > The other option, of course, is to create a key with both RSA and > Elgamal encryption subkeys, which does lead to questions: > > 1) I've forgotten how GPG handles the subkeys, does it choose the > strongest key or the newest key by default or does it encrypt to all > active (non-revoked or non-expired) subkeys? > > 2) How does PGP (of any version) handle multiple subkeys? > > 3) Does anyone know of any problems or issues with any version of PGP > or GPG when handling keys with multiple subkeys? > > 4) Which encryption algorithm do people prefer of RSA and Elgamal, if > either, and why? I'm doing my own research here, of course, but it > doesn't hurt to ask (yes, I'm already aware of Sam Simpson's > informative FAQ and am re-reading it). > > The opinions of the list on any or all of these questions would be > greatly appreciated. > > > Regards, > Ben > > P.S. Apologies to readers of PGPNET and/or PGPMIMENET, who have > already seen this message. ;) > > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
