Key Type & Size / Multiple Email Accounts / Key Server Questions

David Shaw dshaw@jabberwocky.com
Thu Apr 4 05:39:02 2002


On Wed, Apr 03, 2002 at 04:47:27PM -0600, Greg Strong wrote:
> In article <20020403173415.GB696@akamai.com>, David Shaw wrote:
> > You actually have another possibility which is an RSA key.
> > 
> > As to which to pick, it depends on the use.  ElGamal signatures are
> > somewhat controversial (they're hard to get right), and so may not be
> > widely supported in the future.
> 
> I plan on using GnuPG.  Unless I missed something, RSA was NOT an option.

If you use one of the 1.0.7 development versions (or generate the key
in PGP), then RSA is an option.  Once the key is generated, you can
use it in your current version of GnuPG.

> > This document, while slightly out of date, is fantastic on the subject:
> > http://www.samsimpson.com/pgp.php
> 
> Using GnuPG, reading these threads and your reference, I would say a
> primary key type of DSA to sign at maximum size of 1024, and a key type 
> of ElGamal to encrypt with a size of 4096.  It sounds like I may run into 
> some problems with the ElGamal which I understand is a derivative of DH. 

Only for signing.  Encrypting with ElGamal is just fine.

For what it's worth, I decided to start the transition to using an
OpenPGP key a few months ago.  I settled on a 4096-bit RSA master
key, with an ElGamal encryption subkey, and a DSA signing subkey.
Best of all worlds :)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson