Key Type & Size / Multiple Email Accounts / Key Server Questions

David Shaw dshaw@jabberwocky.com
Wed Apr 3 19:33:02 2002


On Tue, Apr 02, 2002 at 02:38:19PM -0600, Greg Strong wrote:
> I'm new to GnuPG.  You might say that I'm in learn and test mode before 
> using full time and publish keys to key servers.  I have several 
> questions.  They are as follows:
> 
> 1) What type of key do you suggest?  I ask this question because I'll use 
> GnuPG primarily for signing but in limited instances for encryption.  
> I've read the manual and know DSA is limited to a size of 1024 bits, and 
> is used only for signing.  ElGamal can be used for both signing and 
> encryption with no limit on size.  My first inclination is to use the 
> default of DSA & ElGamal.  See question #2 when answering.

You actually have another possibility which is an RSA key.

As to which to pick, it depends on the use.  ElGamal signatures are
somewhat controversial (they're hard to get right), and so may not be
widely supported in the future.  RSA signatures are physically large,
which may be a disadvantage if you're signing emails most of the time.

This document, while slightly out of date, is fantastic on the subject:
http://www.samsimpson.com/pgp.php

In general, if you are signing emails, then I'd pick DSA for your
signing key.

> 2) With the advancement of computing power what key size do you 
> recommend?  Presently I'm using an old P166 PC that will update in the 
> near future.  For getting off the ground with GnuPG I have tested with 
> type 1 (DSA & Elgamal) with both having a size of 1024 bits.  After 
> generating the keys this size hasn't really pushed this old PC.  It 
> hasn't really been exposed to much either.

Well, DSA is limited to 1024, and that is what to use (there is no point
in going smaller).  The size of the encryption key can be larger.  You
can pretty easily test how fast you can go with various key sizes.  In
general, the speed doesn't matter terribly much in practical terms
unless you're processing thousands of items an hour.

> 3)  If you have multiple email accounts on one key and put on a key 
> server, would these multiple email accounts then be analogous to being 
> published in a telephone book?

Yes, pretty much.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
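As an added example that is not part of David's message and not GnuPG's own tooling: a POSIX shell script that does the test he suggests, generating throwaway signing keys of several types and sizes in an isolated GNUPGHOME, signing a small message repeatedly, and reporting signing time and signature size, so the "RSA signatures are physically large" and "test how fast you can go with various key sizes" points can be checked on your own hardware. It assumes GnuPG 2.1 or later (for --quick-gen-key and loopback pinentry); the key specs in KEY_SPECS, the example.invalid user IDs and the DSA q-size pairings are the script's own assumptions, and newer GnuPG releases may refuse 1024-bit keys, in which case the script reports and skips them.

```shell
#!/bin/sh
# Added example, not from the original message or from the GnuPG project.
# Benchmarks GnuPG signing with keys of several types and sizes in a
# throwaway keyring and reports the size of the resulting signatures.
set -eu

# Raw signature size in bytes implied by the algorithm, not counting the
# OpenPGP packet header and subpackets.  DSA signatures are two q-sized
# integers: GnuPG pairs 1024-bit DSA with a 160-bit q and larger DSA keys
# with a 224- or 256-bit q (assumption based on the FIPS 186-3 pairings).
# RSA signatures are one modulus-sized integer.
expected_sig_bytes() {
    algo=$1; bits=$2
    case "$algo" in
        rsa) echo $((bits / 8)) ;;
        dsa)
            if [ "$bits" -le 1024 ]; then echo 40
            elif [ "$bits" -le 2048 ]; then echo 56
            else echo 64; fi ;;
        *) echo "unknown algorithm: $algo" >&2; return 1 ;;
    esac
}

# Split a --quick-gen-key style spec such as rsa2048 into "rsa 2048".
split_spec() {
    spec=$1
    algo=$(printf '%s' "$spec" | sed 's/[0-9]*$//')
    bits=$(printf '%s' "$spec" | sed 's/^[a-z]*//')
    echo "$algo $bits"
}

# Generate one signing-only key for the given spec, sign a constructed
# message $2 times and print timing plus signature size.  Each iteration
# is a full gpg invocation, so the figure is the cost a user actually sees.
bench_one() {
    spec=$1; n=$2
    uid="bench-$spec@example.invalid"   # constructed, not a real address
    set -- $(split_spec "$spec"); algo=$1; bits=$2
    if ! gpg --batch --pinentry-mode loopback --passphrase '' \
             --quick-gen-key "$uid" "$spec" sign never >/dev/null 2>&1; then
        echo "$spec: key generation refused by this gpg, skipping"
        return 0
    fi
    printf 'benchmark message\n' > "$GNUPGHOME/msg.txt"
    gpg --batch --yes --pinentry-mode loopback --passphrase '' -u "$uid" \
        --detach-sign -o "$GNUPGHOME/msg.sig" "$GNUPGHOME/msg.txt" 2>/dev/null
    sig_bytes=$(wc -c < "$GNUPGHOME/msg.sig")
    start=$(date +%s)
    i=0
    while [ "$i" -lt "$n" ]; do
        gpg --batch --yes --pinentry-mode loopback --passphrase '' -u "$uid" \
            --detach-sign -o /dev/null "$GNUPGHOME/msg.txt" 2>/dev/null
        i=$((i + 1))
    done
    end=$(date +%s)
    printf '%-8s raw sig ~%3d B, signature packet %4d B, %d signatures in %ds\n' \
        "$spec" "$(expected_sig_bytes "$algo" "$bits")" "$sig_bytes" \
        "$n" "$((end - start))"
}

main() {
    command -v gpg >/dev/null || { echo "gpg not found" >&2; return 1; }
    # Isolated keyring so the benchmark never touches your real keys.
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    for spec in ${KEY_SPECS:-dsa1024 rsa1024 rsa2048 rsa3072}; do
        bench_one "$spec" "${ITERATIONS:-10}"
    done
}

# Only run the benchmark when explicitly asked, so the helper functions can
# also be sourced or tested without generating keys.
if [ "${GPG_BENCH:-0}" = 1 ]; then main; fi
```

Run it with `GPG_BENCH=1 sh bench-gpg-sign.sh`; override the key list or iteration count with `KEY_SPECS="rsa2048 rsa4096" ITERATIONS=20`. The signature packet column will be larger than the raw column for every key type because it includes the OpenPGP header and the hashed subpackets (creation time, issuer), which is the size you actually see in a signed email.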