add subkey vs generate new set?

Faramir faramir.cl at gmail.com
Fri Oct 17 01:45:53 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Werewolf escribió:
> 
> Another Pondering as every year need bigger bit sized keys to be secure
> Benefits and Cons

  IMHO, I would just use 2048 bits keys and focus in keeping the keys
safe... and using good algorithms. But consider I am not an expert, and
I am not even an experienced user...

I found a document today, maybe it is worth taking a look at it:
http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf

> Wondering if adding a bigger encryption/signing sub keys to current key
> on keyserver leaves the benefit keeping the same finger print? So don't
> have inform all your corresondences to get a new key from you?  They
> just have --refresh their public keyrings

  Yes, you can keep the primary key and change the subkeys... you can
even remove the primary key (and store it SAFE) and work with the
subkeys... there is a tutorial about that, and was posted in this list a
while ago...

  Look at "Secure Key Generation" in the site
http://tjl73.altervista.org/index_en.html

> Just setting old key to expire and Generate a new set, collect
> signatures again, change info on web pages and/or bussiness cards?

  I have not collected a single strong signature in 5 months, so if I
ever get one, I won't be happy if I have to revoke my key (lol).

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJI99IxAAoJEMV4f6PvczxAbEAIAItqD7BMjL5zGcqSpID3EBb/
g+rMhPzOXGxdiHdKpWy8gVgGXvLRIlAR3CgxS8i/qx7ys/LJHUteupKwyrw295ge
wdjtw0LSIVSlRw4u1I2WFo+cohsLsMO9ZZ0qjNlsNKpfMOWT3VovSJp/kIi9cUVX
zvv4v3vEMOLmV1Vv1iMD3ffpAI3Ajmv8+nNgYFL/2KFUa4YXJ5xhO/j7cCudNhl6
jL4JwSCs+erefrMzeUrkT8c8dPZa8DP8AODMhMoAxjdRNNdY2w7ZybJca1IPtYtX
O0eV4un9S7D7/a+WvfiseKkj6VkSIeAA6jXBRVL8f+tJst5mevbTryDD9H1qBwM=
=zkuN
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list