OpenPGP card: What RSA problems? Why not for key signing?

Felix E. Klee felix.klee at
Thu Apr 6 14:29:06 CEST 2006

At Thu, 06 Apr 2006 11:24:25 +0200,
Werner Koch wrote:
> > * Why should the key on the card not be used for key signing?
> Either becuase people feel that 1024 bit RSA/SHA-1 is not strong
> enough 

Yes, one reads this and that: Some say 1024 may become easily crackable
[1] in the upcoming years, some say that it won't.  OK, my data may not
be that interesting [2] but, still, I want to do it right, or more or
less so.  So, I'll probably simply create a 4096 bit RSA key with 10
years life time and store it on devices not accessible from the systems
I normally use.

So, I've one more question: How long should the passphrase reasonably
be, in case ...

... it is a phrase containing words from a dictionary (e.g. taken from a

... it is a phrase made up of easily memorizable/pronounceable but
non-real words, formatted like an ordinary phrase (i.e. one word, one
blank, etc.)?

... it is just a random string?

The goal is to make decrypting the pass phrase protected secret key
about as hard as factoring the public key.  Is this even remotely

> Without a backup and a borken card you won't be able to properly use
> your key anymore and all collected signatures are practically lost.

Well, I planned to have the key stored on two smartcards (one for
backup), anyway.

If not used for storage of the master key, the smartcards, of course,
are still nice for storing sub keys, and have them available all the

[1] I.e. with not too expensive equipment and in a rather short time,
  say a couple of days.

[2] I plan to use the key in the context of financial transactions,

Felix E. Klee

More information about the Gnupg-users mailing list