Questions about generating keys

Oskar L. oskar at
Wed Aug 22 19:36:36 CEST 2007

Robert J. Hansen wrote:
> 2. Why do you need an RSA keypair?  The overwhelming majority of users
>    are best served by sticking with the defaults--which, in this case,
>    means a DSA/Elgamal keypair.

I prefer RSA keys because

- DSA does not have a hash firewall.

- They don't have a 1024 bit limit, like DSA has. I know "DSA2" can have
  larger keys, but last I heard PGP can't use them.

- The hash used is not limited to 160 bits, like it is with DSA.

- RSA is faster.

I can't understand why RSA isn't the default. The only argument defending
DSA I've heard is that DSA creates smaller signatures. Is this really so
important to people that they are willing to give up all the benefits of
RSA for it?

David Shaw wrote:
> No real reason, except it would make the list of key types very
> long if every possible combination was listed (RSA primary/Elgamal
> subkey, DSA primary/RSA subkey, RSA primary/RSA subkey,
> DSA primary/Elgamal subkey).

I understand, but surely an RSA keypair must be such a common thing
that it could have its own option? What I find really strange is that
the archives mention a sixth option, "(6) RSA (sign and encrypt)", but
version 1.4.6 gives me:

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (5) RSA (sign only)
   (7) RSA (set your own capabilities)

Why was the sixth option removed?

By the way, is there a security or performance difference between a
RSA (sign and encrypt) keypair with no subkeys, and a RSA (sign only)
keypair with a RSA (encrypt only) subkey?

David Shaw wrote:
> > Is there any way to manually set the time that will be used for the
> > creation time? Or do I have to change the system time if I don't want to
> > use the current time? I'm a bit of a perfectionist, and think 00:00:00
> > looks much better than something like 01:42:57.
> As it happens, this will probably be possible in an upcoming version,
> but for other reasons.

Nice! I'm curious about what these reasons are.

Alex wrote:
> Yes, common sense. if you submit your key to a keyserver, there
> should be some way to distinguish your key from hundreds of
> other having the same short name, when searching for a key.

Sorry, I forgot to say that I don't use any keyservers. Only my
friends can get my private e-mail address and "private" public key.

James wrote:
> - E-mail clients using PGP won't be able to automatically know
> which key to use when e-mailing you - they'd have to setup
> specific mappings.

That's ok, since they would have the same problem if the address
in my key differed from the one in their address book. Since
not specifying an e-mail address doesn't seem to go against the
OpenPGP specification, I think I won't specify one when I create
my new key.

Todd wrote:
> ...the --allow-freeform-uid option will bypass all checks on
> the format of the user id.

I'll keep that in mind in case I'll ever need it.

Thanks everybody for your answers!
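The "hash firewall" Oskar refers to above is the fact that a PKCS#1 v1.5 RSA signature signs a DER DigestInfo (the hash algorithm's OID followed by the digest), while a DSA signature commits only to the bare digest value, truncated to the 160-bit group order of DSA-1024. The following is an added illustration of that difference; it is not code from the gnupg-users thread or from GnuPG. It assumes a constructed, deterministic 512-bit toy RSA key (insecure, demonstration only) and reuses the RSA primitive as the carrier for a "bare-digest" mode that stands in for what DSA commits to, so the only thing that differs between the two modes is the encoding of what gets signed.

```python
"""PKCS#1 v1.5 "hash firewall" versus DSA-style bare-digest signing.
Added illustration, not GnuPG code. Toy 512-bit RSA key: INSECURE, demo only.
"bare-digest" mode stands in for what DSA commits to: the digest value alone,
truncated to DSA-1024's 160-bit q. The RSA primitive is reused as the carrier."""
import hashlib
import random

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
# The hash OID inside the signed data is the "hash firewall".
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
DSA_Q_BYTES = 20  # DSA-1024 has a 160-bit q, so every digest is cut to 160 bits


def is_probable_prime(n, rng, rounds=32):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand, rng):
            return cand


def gen_rsa(bits=512, seed=2007):
    """Deterministic constructed toy key (n, e, d); 512 bits is far too small for real use."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def emsa_pkcs1_v15(t, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 T, padded to the k-byte modulus length."""
    ps_len = k - 3 - len(t)
    if ps_len < 8:
        raise ValueError("modulus too small for this T")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def _modlen(key):
    return (key[0].bit_length() + 7) // 8


def _raw_sign(t, key):
    n, _, d = key
    k = _modlen(key)
    return pow(int.from_bytes(emsa_pkcs1_v15(t, k), "big"), d, n).to_bytes(k, "big")


def _raw_recover(sig, key):
    n, e, _ = key
    k = _modlen(key)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return None
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")


# RSA with hash firewall: T = DigestInfo = OID(hash) || digest
def rsa_sign(msg, hash_name, key):
    return _raw_sign(DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, msg).digest(), key)


def rsa_verify(msg, hash_name, sig, key):
    """Rebuild the whole encoded message with the hash the verifier expects and compare
    all of it, so a signature made over another hash's DigestInfo cannot pass."""
    em = _raw_recover(sig, key)
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, msg).digest()
    return em is not None and em == emsa_pkcs1_v15(t, _modlen(key))


# Bare-digest (DSA-style): only the 160-bit-truncated digest value is signed
def bare_sign(msg, hash_name, key):
    return _raw_sign(hashlib.new(hash_name, msg).digest()[:DSA_Q_BYTES], key)


def bare_verify(msg, hash_name, sig, key):
    em = _raw_recover(sig, key)
    t = hashlib.new(hash_name, msg).digest()[:DSA_Q_BYTES]
    return em is not None and em == emsa_pkcs1_v15(t, _modlen(key))


def hash_named_by_signature(sig, key):
    """Which hash does the signature itself commit to? A PKCS#1 v1.5 signature carries
    the OID, so this is answerable from the signature alone; a bare-digest signature
    carries only the value, so it returns None and the verifier must trust an unsigned
    'hash algorithm' field elsewhere."""
    em = _raw_recover(sig, key)
    if em is None or not em.startswith(b"\x00\x01"):
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return None
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + hashlib.new(name).digest_size:
            return name
    return None


KEY = gen_rsa()
```

Running `rsa_sign(msg, "sha256", KEY)` and then `rsa_verify(msg, "sha1", ...)` on the result returns False even though the same key and message are involved, because the verifier's rebuilt DigestInfo names SHA-256 and the signed one names SHA-1; `hash_named_by_signature` returns the hash name for the RSA signature and None for the bare-digest one. Note also that the bare-digest mode throws away everything past 20 bytes of a SHA-256 digest, which is the "limited to 160 bits" point in the message above.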
