Key Type & Size / Multiple Email Accounts / Key Server Questions

Brian M. Carlson
Wed Apr 3 18:23:01 2002

On Tue, Apr 02, 2002 at 02:38:19PM -0600, Greg Strong wrote:
> I'm new to GnuPG.  You might say that I'm in learn and test mode before
> using full time and publish keys to key servers.  I have several
> questions.  They are as follows:
> 1) What type of key do you suggest?  I ask this question because I'll use
> GnuPG primarily for signing but in limited instances for encryption.
> I've read the manual and know DSA is limited to a size of 1024 bits, and
> is used only for signing.  ElGamal can be used for both signing and
> encryption with no limit on size.  My first inclination is to use the
> default of DSA & ElGamal.  See question #2 when answering.

I'd suggest that you not create an ElGamal type 20 (sign and encrypt) key,
as these signatures are enormous. (If you'd like to see how big, I can show
you off-list.) They are also not very well supported. DSA / ElGamal is a good
default, as it produces small signatures.

> 2) With the advancement of computing power what key size do you
> recommend?  Presently I'm using an old P166 PC that will update in the
> near future.  For getting off the ground with GnuPG I have tested with
> type 1 (DSA & Elgamal) with both having a size of 1024 bits.  After
> generating the keys this size hasn't really pushed this old PC.  It
> hasn't really been exposed to much either.

For the ElGamal, I wouldn't use anything smaller than 2048, and probably from
3072-4096. Some people will say this is overkill; it pays to be paranoid. The
DSA can be no larger than 1024, and that's where I'd leave it.

> 3)  If you have multiple email accounts on one key and put on a key
> server, would these multiple email accounts then be analogous to being
> published in a telephone book?

Well, it depends on what you mean by that. If you mean can someone search for
them on a keyserver, yes. But that's a Good Thing, IMO. AFAIK, nobody has
ever been spammed because their email address was on their OpenPGP key.

Brian M. Carlson
OpenPGP: 0x351336B2DCA1913A
