Key Type & Size / Multiple Email Accounts / Key Server Questions

Brian M. Carlson karlsson@hal-pc.org
Wed Apr 3 18:23:01 2002


On Tue, Apr 02, 2002 at 02:38:19PM -0600, Greg Strong wrote:
> I'm new to GnuPG.  You might say that I'm in learn and test mode before
> using full time and publish keys to key servers.  I have several
> questions.  They are as follows:
>
> 1) What type of key do you suggest?  I ask this question because I'll use
> GnuPG primarily for signing but in limited instances for encryption.
> I've read the manual and know DSA is limited to a size of 1024 bits, and
> is used only for signing.  ElGamal can be used for both signing and
> encryption with no limit on size.  My first inclination is to use the
> default of DSA & ElGamal.  See question #2 when answering.

I'd suggest that you not create an ElGamal type 20 (sign and encrypt) key,
as these signatures are enormous. (If you'd like to see how big, I can show
you off-list.) They are also not very well supported. DSA / ElGamal is a good
default, as it produces small signatures.

> 2) With the advancement of computing power what key size do you
> recommend?  Presently I'm using an old P166 PC that will update in the
> near future.  For getting off the ground with GnuPG I have tested with
> type 1 (DSA & Elgamal) with both having a size of 1024 bits.  After
> generating the keys this size hasn't really pushed this old PC.  It
> hasn't really been exposed to much either.

For the ElGamal, I wouldn't use anything smaller than 2048, and probably from
3072-4096. Some people will say this is overkill; it pays to be paranoid. The
DSA can be no larger than 1024, and that's where I'd leave it.

> 3)  If you have multiple email accounts on one key and put on a key
> server, would these multiple email accounts then be analogous to being
> published in a telephone book?

Well, it depends on what you mean by that. If you mean can someone search for
them on a keyserver, yes. But that's a Good Thing, IMO. AFAIK, nobody has
ever been spammed because their email address was on their OpenPGP key.

--
Brian M. Carlson
<karlsson@hal-pc.org>
OpenPGP: 0x351336B2DCA1913A
