Changing GPG's default key type?

David Shaw dshaw at
Fri Jul 31 03:20:13 CEST 2009

On Jul 29, 2009, at 11:14 AM, Jan Suhr wrote:

> For my understanding GnuPG is standard conform and creates a "DSA
> primary key (1024 bits - not "DSA2") with an Elgamal subkey per  
> default."
> It was discussed in May to change this standard to 2048-bit RSA key:
> I am planing to create some new keys which will be used for the next
> couple of years. Therefore I am wondering if it is a good idea to  
> create
> 2048-bit RSA keys already although it is not standard (yet). So
> potentially it could cause incompatibility issues. I suppose most of  
> the
> correspondents (>90%) use GnuPG and thus should not have any problems
> with the keys.
> Do you have further information about the coming standard key type?  
> Are
> there any other obstacles or implications to consider and what is your
> advice?

There is nothing particularly special about the change.  RSA keys are  
part of the OpenPGP standard just as DSA is.  The difference is that  
DSA is a required part of the standard, and RSA is optional.  The  
reasons behind this are at least partly historical, and no longer  
apply.  Nevertheless, RSA is still optional.

So yes, it is true that there could be an OpenPGP implementation out  
there that does not support RSA.  In practice, however, I'd be very  
surprised if you had any problems.  Even more so since you say that  
over 90% of your correspondents use GnuPG.  Personally, I've used a  
RSA key since 2002 and have never had even a single instance of  
someone not being able to use my key because their OpenPGP program  
didn't implement RSA.

In short, I wouldn't worry about it.  Use either DSA or RSA, and you  
should be fine.


More information about the Gnupg-users mailing list