Which key type for offline signing key + how to get a trusted copy of gpg signing key

Jakob j.breier at gmx.de
Sat Feb 26 00:26:06 CET 2005

Hash: SHA1

Werner Koch wrote:

 > On Wed, 23 Feb 2005 23:26:16 +0100, Jakob said:
 >>[I want to create a key only used for key signing (on an offline
 >>  system]
 >> with Knoppix). As I recently read that 1024bit DSA-keys are quite
 >> small for long time security (let's say 10 years) I wondered whether I
 >> should use a 4048bit RSA-key instead. Is there any reason not to do so?
 > Nowadays it seems that the hash algorithms are the major weakness
 > digital signatures; so a longer KEy does gain you anything excpept for
 > preety long and slow signatures. You might want to use a 2k RSA key
 > so that you can use SHA-256. However, the only MUST algorithm for
 > signing in
 > OpenPGP is DSA and SHA-1 so by using RSA not everyone will be able to
 > make use of your key sigtnatures.

Just to be sure: PGP-*keys* are hashed before they are signed? I thought
they are signed in the same way as checksums are so that this key does 
not sign any checksums at all.

 >> verified copy of the GPG signing key (57548DCD). How did you verify
 > Signed by me and my key is pretty well connected in the web of trust -
 > go and check the signatures on my key. See Mail header for the
 > canonical source of my key in case your keyserver is old and dusted.
 > Shalom-Salam,
 > Werner

Sorry for the latency. An hour ago I realised that the reply function 
didn't work properly.
Version: GnuPG v1.2.4 (MingW32)


More information about the Gnupg-users mailing list