Which key type for offline signing key + how to get a trusted copy of gpg signing key
Werner Koch
wk at gnupg.org
Thu Feb 24 09:46:37 CET 2005
On Wed, 23 Feb 2005 23:26:16 +0100, Jakob said:
> with Knoppix). As I recently read that 1024bit DSA-keys are quite
> small for long time security (let's say 10 years) I wondered whether I
> should use a 4048bit RSA-key instead. Is there any reason not to do so?
Nowadays it seems that the hash algorithms are the major weakness of
digital signatures; so a longer key does not gain you anything except for
pretty long and slow signatures. You might want to use a 2k RSA key
so that you can use SHA-256. However, the only MUST algorithm for signing in
OpenPGP is DSA and SHA-1 so by using RSA not everyone will be able to
make use of your key signatures.
> verified copy of the GPG signing key (57548DCD). How did you verify
Signed by me and my key is pretty well connected in the web of trust -
go and check the signatures on my key. See Mail header for the
canonical source of my key in case your keyserver is old and dusted.
Shalom-Salam,
Werner