hi all, i have sent an e-mail to debian-users for generating a new key. a member has suggested to ask directly here. herewith i am sending the e-mail without any much modifications. i am using up to date debian sid.
i am planning to create a gpg2 key. i have googled and read some articles & ideas on the web. i have some comprehensions & doubts about creation & use of gpg2 key. i request members to provide your valuable advice & suggestions & if possible warnings [1] i have 2 packages in my system : gnupg 1.4.16-1.1 & gnupg2 2.0.22-3. there is no .gnupg directory. should i create a ~/.gnupg directory along with gpg.conf with the configuration given at [0]. [2] does creation of directory & config file before creation of gpg2 key pose any issues ? i mean when i start to create key, does gpg2 look into my home directory for config file ? [3] does the configuartion file will through up any errors if i try to create a signature [ god forbid ] with gnupg 1.4 version ? [4] do i need to absolutely create another singing only key as mentioned at [1], the link is not more than year old but it seems to be author is creating a key suing gpg 1.4. is creation of a single key with gpg2 is enough ? [5] should i simply follow the advice for creating keys given at [3] ? it makes sense after reading the comment at [4] about " It turns out there is some UK legislation whereby folks are compelled to give a copy of private keys to the UK government if they are used for signatures." [6] i am concerned about the comment "Why a 4096b key? I have had interoperability problems with keys that size in the past so usually do not use more than 2048b. Is there an RSA 2048b compromise you are aware of or are you just being through?" on link [4]. the comment is almost 4 years old & is this still relevant today ? usually adopt the highest number if given a choice blindly. [7] does the article at [5] about "OpenPGP Key IDs are not useful" apply to gpg2 also ? [8] the most important : does merely pasting the of paperkey -v --output printable.txt --secret-key backup.secret a2ps -2 --no-header -o printable.ps printable.txt in email signature or email body is enough for cryptographically protecting ? [0] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices [1] https://alexcabal.com/creating-the-perfect-gpg-keypair/https://alexcabal.com/creating-the-perfect-gpg-keypair/ [3] http://blog.bofh.it/debian/id_437 [4] http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ [5] https://www.debian-administration.org/users/dkg/weblog/105 regards, war.dhan p.s. please c.c. me. i am not subscribed to mailing list. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
