Which key type for offline signing key + how to get a trusted copy of gpg signing key
Jakob
j.breier at gmx.de
Sat Feb 26 00:26:06 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Werner Koch wrote:
> On Wed, 23 Feb 2005 23:26:16 +0100, Jakob said:
>
>> [I want to create a key only used for key signing (on an offline
>> system)
>> with Knoppix). As I recently read that 1024bit DSA-keys are quite
>> small for long time security (let's say 10 years) I wondered whether I
>> should use a 4048bit RSA-key instead. Is there any reason not to do so?
>
> Nowadays it seems that the hash algorithms are the major weakness of
> digital signatures; so a longer key doesn't gain you anything except for
> pretty long and slow signatures. You might want to use a 2k RSA key
> so that you can use SHA-256. However, the only MUST algorithm for
> signing in OpenPGP is DSA and SHA-1, so by using RSA not everyone will
> be able to make use of your key signatures.
>
Just to be sure: PGP *keys* are hashed before they are signed? I thought
they are signed in the same way as checksums are, so that this key does
not sign any checksums at all.
>> verified copy of the GPG signing key (57548DCD). How did you verify
>
> Signed by me and my key is pretty well connected in the web of trust -
> go and check the signatures on my key. See Mail header for the
> canonical source of my key in case your keyserver is old and dusted.
>
> Shalom-Salam,
>
> Werner
Sorry for the latency. An hour ago I realised that the reply function
didn't work properly.
Jakob.
__________
2005-02-26
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
iD8DBQFCH7PLkQFTRHuGzGgRAluxAJ4nmBhEafQH7g2vnVNb/zAqf1yyOQCgywOC
wK5Ecepq0RYty2v1XgKWj64=
=k9Lx
-----END PGP SIGNATURE-----
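Added example, not part of the thread above and not GnuPG's own code: it answers Jakob's question ("are keys hashed before they are signed?") by building the exact byte string that an OpenPGP v4 certification ("key signing") signature digests, following RFC 4880 section 5.2.4, and digesting it with SHA-1 and SHA-256. It also makes Werner's point concrete: whatever the size of the certifying RSA or DSA key, what gets signed is only this 20- or 32-byte digest, so the hash algorithm bounds the strength of the certification. The key packet, user ID and timestamps are constructed sample data, not a real key.

```python
"""
Added example (not from the original mailing-list thread): construct the
hash input of an OpenPGP v4 certification signature per RFC 4880 5.2.4.
All key material and identities below are constructed samples.
"""
import hashlib
import struct

# RFC 4880 algorithm and signature-type identifiers
PK_RSA = 1
HASH_SHA1 = 2
HASH_SHA256 = 8
SIG_GENERIC_CERT = 0x10          # "generic certification of a User ID"
_DIGEST = {HASH_SHA1: hashlib.sha1, HASH_SHA256: hashlib.sha256}


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit length, then big-endian bytes."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + body


def rsa_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version 4, creation time, algorithm, MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + bytes([PK_RSA]) + mpi(n) + mpi(e)


def creation_time_subpacket(when: int) -> bytes:
    """Signature Creation Time subpacket (type 2): one-octet length, type, four-octet time."""
    return b"\x05\x02" + struct.pack(">I", when)


def certification_hash_input(pubkey_body: bytes, user_id: bytes, sig_type: int,
                             pk_alg: int, hash_alg: int, hashed_subpackets: bytes) -> bytes:
    """Return the byte string that the certifier digests (RFC 4880 5.2.4)."""
    # The key packet body is prefixed with 0x99 and its two-octet length.
    key_part = b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body
    # The User ID being bound is prefixed with 0xB4 and its four-octet length.
    uid_part = b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    # Then the signature packet's own hashed fields ...
    hashed = (bytes([4, sig_type, pk_alg, hash_alg])
              + struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets)
    # ... and a six-octet trailer: version, 0xFF, length of those hashed fields.
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    return key_part + uid_part + hashed + trailer


def certification_digest(pubkey_body: bytes, user_id: bytes, sig_type: int,
                         pk_alg: int, hash_alg: int, hashed_subpackets: bytes) -> bytes:
    """The digest that the certifier's private key actually signs (RSA PKCS#1 or DSA)."""
    data = certification_hash_input(pubkey_body, user_id, sig_type,
                                    pk_alg, hash_alg, hashed_subpackets)
    return _DIGEST[hash_alg](data).digest()


# Constructed sample inputs: a toy modulus (not a real key) and a sample identity.
SAMPLE_KEY = rsa_pubkey_body(created=1109374000, n=0xC0FFEE123456789ABCDEF0, e=65537)
SAMPLE_UID = b"Sample User <sample@example.org>"
SAMPLE_SUBPACKETS = creation_time_subpacket(1109374000)


def demo() -> dict:
    """Digest the same certification with SHA-1 and SHA-256; returns {hash_alg: digest}."""
    return {alg: certification_digest(SAMPLE_KEY, SAMPLE_UID, SIG_GENERIC_CERT,
                                      PK_RSA, alg, SAMPLE_SUBPACKETS)
            for alg in (HASH_SHA1, HASH_SHA256)}


if __name__ == "__main__":
    for alg, digest in demo().items():
        print(f"hash alg {alg}: {len(digest) * 8}-bit digest {digest.hex()}")
```

Whatever the certifying key's size, the private-key operation is applied to the digest returned by `certification_digest`, so the digest length (160 bits for SHA-1, 256 for SHA-256) is what a larger key cannot improve on. The 0x99 and 0xB4 prefixes with their lengths are what stop a key body or user ID from being reinterpreted as a different packet in the hash input.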