OpenPGP card: What RSA problems? Why not for key signing?
Werner Koch
wk at gnupg.org
Thu Apr 6 11:24:25 CEST 2006
On Wed, 05 Apr 2006 18:22:35 +0200, Felix E Klee said:
> * What are those problems that one may encounter with RSA?
You can't load a non-1024 bit RSA key to the card. RSA keys are
optional in OpenPGP and thus some implementations may not be able to
use your key.
> * Why should the key on the card not be used for key signing?
Either because people feel that 1024 bit RSA/SHA-1 is not strong
enough or due to the difficulties of creating a backup of that key.
Without a backup and a broken card you won't be able to properly use
your key anymore and all collected signatures are practically lost.
> * Is there any advantage in using a DSA master key (not supported by the
> OpenPGP card, I know) instead of an RSA master key?
DSA signatures are much smaller.
> * What's the best tool for generating the 1024 bit RSA key? Should I
> simply use plain "gpg --gen-key --no-random-seed-file" or should the
> key be generated on card, or does it not really matter?
gpg --gen-key
--no-random-seed-file is only useful if you don't have permission to
write it.
Shalom-Salam,
Werner