some(!) PGP / GPG compatibility question
Tue May 21 04:39:01 2002
I created a new pgp 7.1 key with the following parameters
key type : RSA [*NOT* legacy],
key size : 4096,
key cipher: AES
now when I import this key in GPG in Linux or Solaris I cannot see my name
or any other key details and mutt on linux shows a ? beside my id in the
I think this means the new PGP / GPG keys are not compatible
So my questions are
1. what are the safe parameters for a key to be compatible with PGP and GPG
I have come with the following parameters
key type : DH/DSS
key size : 4096/1024
key cipher : IDEA
I would like to use the same key for GPG on linux and PGP for windows and the key should be compatible with most pgp / gpg implementations
2. I read on the Bugtraq mailing list that key sizes smaller than 1024 can be cracked by NSA, FBI and the like, so is the above key safe from this type of attack ?
3. my private key has a sub key that is 786 bytes in length. Will this key allow all the data encrypted with my other key to be cracked ( other keys are 4096 and 2048 bits long ) ?
4. I searched google and saw some rumblings on the web about the DH/DSS algo being less secure than RSA. Would this matter in the generation of a new key ( ie I should not generate a DH/DSS type of key ) ?
5. which key servers are the most reliable for use with pgp / gpg ? ( the original keyservers in PGP seem to be unstable )
6. if I generate a new key what is the best way to let people know that I have generated a new key and that they should stop using the old key ( of course I will revoke it if required ) ? should I sign my new key with the old key for this and put the key on a public keyserver, or should I not revoke the old key but instead change the name in the old key to reflect the new key's ID and fingerprint, urging them to use the new key ?
(ie change the name in old key to something like
please use new key KeyID: 0xXXXXXXXX, Fingerprint : XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXX are the values of the new key generated )
7. I am using pgp 7.1 which has the ability to use X.509 Certs. Until now I
used an X.509 cert and PGP Key for secure email and VPN and Encrypting file
system in Win2k. is there a way to consolidate both of them into one key /
cert that can be used in secure email, VPN and encrypting file system and
still have the multiple names the way new RSA or DH/DSS keys have ? ( any
ideas that you may have will be helpful, we use our own X.509 root Cert for
internal certs )
8. is the encrypt to self option in PGP / GPG a security hole or a feature ?
can it be used to do anything malicious ?
9. I have an ikey 1000 token. If I wish to put the public/private key on this
token what is the way to tell pgp 7.1 to use this token ?
10. I wish to have an ADK in my key so that if I ever forget my password I
can use the other key to decrypt the email / files. how does one put an ADK in
the newly generated key ?
11. is there any good GPG front end for linux ( x windows, Windows 9x,
2000 ) like PGP for windows for doing the key management ( GPL, BSD any lic
will do only that it should be free for personal use )