On 27/10/13 13:21, Johan Wevers wrote: > Which makes me think, is it possible to generate a 2048 bit RSA signing > key combined with a 3072 or 4096 bit encryption key?
Yes, although I don't think it makes sense to create an X-bit primary key with a Y-bit subkey if X is smaller than Y as the attacker can "simply" crack the primary key and attach a new subkey which will be preferred because it is newer. Optionally he can revoke the old encryption subkey. But the following layout is sensible on some level: 3072-bit RSA primary for certification (C) 2048-bit RSA subkey for data signatures (S) 3072-bit RSA subkey for encryption (E) Note that I'm not going into the discussion whether any protection beyond 2048 is sensible or whether it is already impossible to crack an X-bit primary key for useful X's. If signatures aren't that important to you anyway, you can wonder if it is useful to spend time on making it more efficient by lowering the length. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
