On 04/15/2011 02:01 PM, Thomas Harning Jr. wrote:
> I've generated and published an 8192-bit non-expiring RSA 'master' key
> for signing other keys as well as 2048-bit RSA keys for signing and
> encryption (expiring in a few years). The master key is protected by
>
> I have not had it signed by other users yet and am concerned that I
> might want to generate a new keyset before I get the 8192-bit key in
> wide circulation. I have, however, signed tags in my Git source
> repository with a subkey... so would it make sense to migrate those
> subkeys (through trickery I've seen)... or would the fact that they
> are available under the 8192-bit key be a general problem?

An 8192-bit key could be incompatible with most OpenPGP software. For
that reason I wouldn't recommend it. However, compatibility won't make a
difference if you will be the only one using your public key. On the
other hand, if the key is for communication or code signing,
compatibility is important. I believe that 4096 bits would be the
largest size that you should use. Just know that if you want to use an
OpenPGP smartcard, 3072 bits is currently the largest key size for a key
stored on the card (if you use subkeys for encryption, signing, or
authentication, then the 3072-bit limit doesn't apply to the master
key).

As far as "migration" is concerned, I don't know what you are referring
to. Would you expound on this?

> Some options I am considering after reading blogs/etc:
> * Generate RSA 4096-bit master signing key and revoke the 8192-bit
> key noting that it has been superseded

I would recommend this since you want to use the key with other people.
In which case, you need compatibility.

> * Generate DSA 3072-bit master signing key and revoke... (this is
> well supported, right?)

It will work fine for anyone who uses GnuPG, as far as I know, but I
don't know about PGP. You'll have to ask about PGP's support for
3072-bit DSA keys. But whether you should or shouldn't use a 3072-bit
DSA key versus a 4096-bit RSA key is simply personal preference,
notwithstanding any compatibility issues, if there are any.

> * Wait for ECC to be in standard and supported by PGP and GnuPG

Don't wait; use cryptography now. There will always be a better solution
coming. Just switch when it becomes available. And once again, remember
compatibility. It is fine to switch to ECC when it becomes available,
but don't throw away using regular RSA/DSA/Elgamal keys until most
everyone else has switched to ECC.

> * Generate ECC key and keep it alongside my better-supported 8192-bit
> key until better software support arrives (perhaps keeping both
> well-signed?)
> - this implies the ECC public key storage for signing it has been
> set in stone...

Notwithstanding my comments about an 8192-bit key, I would probably do
this too after ECC has become available in GnuPG and has been well
tested. I would have an ECC key and prefer its use, but have a non-ECC
key for those who are still using non-ECC keys.

Just know that everything that I have said is just one man's opinion,
but the compatibility issue is several men's.

Cheers,
-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
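As an added example for the key-size discussion in this thread (not code from the thread, from GnuPG or from PGP): a small RFC 4880 packet walker that takes the bytes `gpg --export KEYID` would produce, reports the algorithm and size of every key and subkey packet, and flags each size against the thresholds Paul mentions (RSA above 4096 bits, DSA above 3072 bits, anything above 3072 bits for an OpenPGP card). The sample input is constructed in the block with placeholder MPIs that only have the right bit length, not real key material; the thresholds are taken from the thread, not from the standard.

```python
"""Report algorithm and key size of OpenPGP public-key packets (RFC 4880).

Added example for the gnupg-users thread on 8192-bit keys; not code from
the thread or from GnuPG. Input is the packet stream `gpg --export`
writes; here it is constructed inline with placeholder MPIs.
"""
import struct

ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 3: "RSA (sign-only)",
         16: "Elgamal", 17: "DSA"}


def mpi_encode(n):
    """RFC 4880 3.2: two-octet bit count, then the big-endian value."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def mpi_decode(buf, off):
    """Return (bit_length, value, next_offset) for the MPI at buf[off:]."""
    (bits,) = struct.unpack_from(">H", buf, off)
    nbytes = (bits + 7) // 8
    start = off + 2
    if start + nbytes > len(buf):
        raise ValueError("truncated MPI")
    return bits, int.from_bytes(buf[start:start + nbytes], "big"), start + nbytes


def build_pubkey_packet(algo_id, mpis, tag=6, created=1302894060):
    """Old-format packet (tag 6 = key, 14 = subkey) with v4 key material.
    `created` is a constructed timestamp (15 April 2011)."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo_id])
    body += b"".join(mpi_encode(m) for m in mpis)
    n = len(body)
    if n < 256:
        header = bytes([0x80 | (tag << 2) | 0, n])
    elif n < 65536:
        header = bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", n)
    else:
        header = bytes([0x80 | (tag << 2) | 2]) + struct.pack(">I", n)
    return header + body


def iter_packets(blob):
    """Yield (tag, body) for each packet; old- and new-format headers."""
    off = 0
    while off < len(blob):
        ctb = blob[off]
        if ctb & 0x80 == 0:
            raise ValueError("bit 7 of the packet tag must be set")
        if ctb & 0x40:                       # new format, RFC 4880 4.2.2
            tag = ctb & 0x3F
            b0 = blob[off + 1]
            if b0 < 192:
                length, off = b0, off + 2
            elif b0 < 224:
                length, off = ((b0 - 192) << 8) + blob[off + 2] + 192, off + 3
            elif b0 == 255:
                (length,), off = struct.unpack_from(">I", blob, off + 2), off + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                # old format, RFC 4880 4.2.1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 0:
                length, off = blob[off + 1], off + 2
            elif ltype == 1:
                (length,), off = struct.unpack_from(">H", blob, off + 1), off + 3
            elif ltype == 2:
                (length,), off = struct.unpack_from(">I", blob, off + 1), off + 5
            else:
                raise ValueError("indeterminate length not supported")
        body = blob[off:off + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        off += length


def parse_key_material(body):
    """v4 key body: the first MPI (RSA n, or p for DSA/Elgamal) is the 'key size'."""
    if body[0] != 4:
        raise ValueError("only v4 key packets are handled here")
    (created,) = struct.unpack_from(">I", body, 1)
    algo_id = body[5]
    bits, _, _ = mpi_decode(body, 6)
    return {"created": created, "algo_id": algo_id, "bits": bits,
            "algo": ALGOS.get(algo_id, "unknown(%d)" % algo_id)}


def compatibility_note(info):
    """Thresholds as stated in the thread (assumptions, not RFC limits)."""
    a, bits = info["algo_id"], info["bits"]
    if a in (1, 2, 3) and bits > 4096:
        return "RSA %d: above the 4096-bit maximum recommended in the thread" % bits
    if a == 17 and bits > 3072:
        return "DSA %d: larger than the 3072-bit DSA keys discussed as supported" % bits
    if bits > 3072:
        return "%s %d: fine in software, above the 3072-bit card limit mentioned" % (info["algo"], bits)
    return "%s %d: within the sizes discussed" % (info["algo"], bits)


def summarize(blob):
    """One (tag, algo, bits, note) per key or subkey packet in an export."""
    return [(tag, i["algo"], i["bits"], compatibility_note(i))
            for tag, body in iter_packets(blob) if tag in (6, 14)
            for i in [parse_key_material(body)]]


if __name__ == "__main__":
    # Constructed key set mirroring the thread: 8192-bit RSA master key plus a
    # 2048-bit RSA subkey. The MPIs are size placeholders, not real keys.
    export = (build_pubkey_packet(1, [(1 << 8191) | 1, 65537])
              + build_pubkey_packet(1, [(1 << 2047) | 1, 65537], tag=14))
    for tag, algo, bits, note in summarize(export):
        print("%s %s %d -> %s" % ("key" if tag == 6 else "subkey", algo, bits, note))
```

Feed it real data with `summarize(open("key.gpg", "rb").read())` after `gpg --export KEYID > key.gpg`; user-ID and signature packets are walked but skipped, so only the key and subkey sizes come out. Partial-body lengths and v3 keys are rejected rather than guessed at.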