Which key type for offline signing key + how to get a trusted copy of gpg signing key

Werner Koch wk at gnupg.org
Thu Feb 24 09:46:37 CET 2005

On Wed, 23 Feb 2005 23:26:16 +0100, Jakob  said:

> with Knoppix). As I recently read that 1024bit DSA-keys are quite
> small for long time security (let's say 10 years) I wondered whether I
> should use a 4048bit RSA-key instead. Is there any reason not to do so?

Nowadays it seems that the hash algorithms are the major weakness
digital signatures; so a longer KEy does gain you anything excpept for
preety long and slow signatures.  You might want to use a 2k RSA key
so that you can use SHA-256.  However, the only MUST algorithm for signing in
OpenPGP is DSA and SHA-1 so by using RSA not everyone will be able to
make use of your key sigtnatures.

> verified copy of the GPG signing key (57548DCD). How did you verify

Signed by me and my key is pretty well connected in the web of trust -
go and check the signatures on my key.  See Mail header for the
canonical source of my key in case your keyserver is old and dusted.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : /pipermail/attachments/20050224/a3329c12/attachment.pgp

More information about the Gnupg-users mailing list