add subkey vs generate new set?

David Shaw dshaw at
Fri Oct 17 05:48:05 CEST 2008

On Oct 16, 2008, at 6:01 PM, Werewolf wrote:

> Another Pondering as every year need bigger bit sized keys to be  
> secure
> Benefits and Cons
> Wondering if adding a bigger encryption/signing sub keys to current  
> key
> on keyserver leaves the benefit keeping the same finger print? So  
> don't
> have inform all your corresondences to get a new key from you?  They
> just have --refresh their public keyrings
>  Over
> Just setting old key to expire and Generate a new set, collect
> signatures again, change info on web pages and/or bussiness cards?

It depends on how many signatures you have.  If you have none, or just  
a handful that could be easily gotten again, then it doesn't matter  
much.  Otherwise, there is a real benefit to adding subkeys to your  
existing key.

It is not true, though, that you need continually bigger keys to be  
secure.  You just need (somewhat) bigger keys than the current best  
attack to be secure.   The default size in GPG is 2048, which is  
extremely safe.  When in doubt, use the default.


More information about the Gnupg-users mailing list