add subkey vs generate new set?
faramir.cl at gmail.com
Fri Oct 17 01:45:53 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
> Another Pondering as every year need bigger bit sized keys to be secure
> Benefits and Cons
IMHO, I would just use 2048 bits keys and focus in keeping the keys
safe... and using good algorithms. But consider I am not an expert, and
I am not even an experienced user...
I found a document today, maybe it is worth taking a look at it:
> Wondering if adding a bigger encryption/signing sub keys to current key
> on keyserver leaves the benefit keeping the same finger print? So don't
> have inform all your corresondences to get a new key from you? They
> just have --refresh their public keyrings
Yes, you can keep the primary key and change the subkeys... you can
even remove the primary key (and store it SAFE) and work with the
subkeys... there is a tutorial about that, and was posted in this list a
Look at "Secure Key Generation" in the site
> Just setting old key to expire and Generate a new set, collect
> signatures again, change info on web pages and/or bussiness cards?
I have not collected a single strong signature in 5 months, so if I
ever get one, I won't be happy if I have to revoke my key (lol).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users