GPG and 1024-bit (or multiple) subkeys

David Shaw dshaw at
Tue Aug 15 19:10:40 CEST 2006

On Mon, Aug 14, 2006 at 09:58:28PM -0700, Charles Franklin Bernard wrote:
> New to list; first post.
> We send member companies our 1024 bit public key with its 1024-bit
> subkey to encrypt their A/R files before they're FTP'd to us.  A new
> customer is requesting we generate a new key for them that has a 2048
> sub key, claiming GPG requires this by default.  So I added another
> subkey, 2048-bit, but the customer says GPG is looking for a 2048
> subkey *by itself*.  Does that make sense?

In short, no.  Your customer is confused.  GPG does not require any
particular key size.  By default, it will generate 2048-bit keys, but
it will work quite happily with 1024-bit, 4096-bit, or whatever you
feel like using.

> Doesn't GPG have an easy programmatic way to specify a subkey and/or
> bit size?

Yes, it does, but given that the premise behind the customer's
question is wrong, this may not be the answer:

    Note that you can append an exclamation mark (!) to key IDs or
    fingerprints.  This flag tells GnuPG to use the specified
    primary or secondary key and not to try and calculate which primary
    or secondary key to use.
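
Added example, not part of the original message: one way to pick an encryption subkey by bit size from GnuPG's machine-readable key listing and build the "!"-suffixed recipient that the quoted manual text describes. The key IDs, the sample listing and the function names `sample_listing` and `subkey_recipient` are constructed for illustration.

```shell
#!/bin/sh
# Added example: select an encryption subkey by size and pin it with "!".

# Constructed `gpg --with-colons --list-keys` output (placeholder key IDs):
# a 1024-bit primary key with a 1024-bit subkey, a revoked 2048-bit subkey,
# a usable 2048-bit encryption subkey and a signing-only 2048-bit subkey.
sample_listing() {
cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1155600000:::u:::scESC:
uid:u::::1155600000::::Example AR Key <ar@example.invalid>:
sub:u:1024:16:BBBBBBBBBBBBBBBB:1155600000::::::e:
sub:r:2048:16:DDDDDDDDDDDDDDDD:1155600000::::::e:
sub:u:2048:16:CCCCCCCCCCCCCCCC:1155600000::::::e:
sub:u:2048:17:EEEEEEEEEEEEEEEE:1155600000::::::s:
EOF
}

# Read a colon listing on stdin and print "<subkey id>!" for the first
# subkey that has the requested bit length, can encrypt, and is not
# revoked, expired, invalid or disabled. Exit status 1 if none matches.
# Colon fields used: 1 record type, 2 validity, 3 key length,
# 5 key ID, 12 capabilities.
subkey_recipient() {
    awk -F: -v bits="$1" '
        $1 == "sub" && $3 == bits && $12 ~ /e/ && $2 !~ /^[reid]$/ {
            print $5 "!"
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# Demonstration on the constructed listing.
sample_listing | subkey_recipient 2048

# With a real keyring the same function feeds gpg directly, for example:
#   rcpt=$(gpg --with-colons --list-keys "$KEY" | subkey_recipient 2048) &&
#   gpg --recipient "$rcpt" --encrypt file
# Without the trailing "!", gpg chooses the encryption subkey itself.
```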

