Changing GPG's default key type
dshaw at jabberwocky.com
Mon May 4 16:40:46 CEST 2009
Currently, GPG's default key type, the one that is recommended to all
new users, is a DSA primary key (1024 bits - not "DSA2") with an
Elgamal subkey. We are currently thinking about changing the default
primary to a 2048-bit RSA key.
The main benefits of changing the key type is that it can go past the
1024 bit DSA1 limit, and would also not be limited to a 160-bit hash,
both of which are getting a little long in the tooth. We could get
similar benefits with a DSA2 key, but DSA2 is not nearly as widely
implemented as RSA is, so is not a good option for a default key at
this time. We will of course continue supporting DSA2 (and DSA "1")
as we do now. This is purely a question of what the default key
This is not directly prompted by the recent SHA-1 troubles, but it is
somewhat related, as it would let users of the default key type use
hashes larger than 160 bits. That said, this is not intended to be a
fix for the SHA-1 problems. We are not proposing changing our default
signing hash, which will remain SHA-1.
After a bit of internal discussion, we thought it was worth mentioning
this here, to see if the community had any issue or other comments. I
don't expect this to be a particularly controversial move, but
discussion is always welcome.
One issue, of course, is that RSA is not a required key type in
OpenPGP, so there could be some implementation out there that won't be
able to handle it. I'm not terribly concerned about this, as in
practice, the vast majority of code has handled RSA just fine for the
past decade, and if a particular user needs to generate a non-RSA key,
they can still do so.
There are a few other details (RSA signatures are physically larger,
etc), but I believe they are outweighed by the benefit of the larger
key and additional hash flexibility.
More information about the Gnupg-devel