Changing GPG's default key type?
dshaw at jabberwocky.com
Fri Jul 31 03:20:13 CEST 2009
On Jul 29, 2009, at 11:14 AM, Jan Suhr wrote:
> For my understanding GnuPG is standard conform and creates a "DSA
> primary key (1024 bits - not "DSA2") with an Elgamal subkey per
> It was discussed in May to change this standard to 2048-bit RSA key:
> I am planing to create some new keys which will be used for the next
> couple of years. Therefore I am wondering if it is a good idea to
> 2048-bit RSA keys already although it is not standard (yet). So
> potentially it could cause incompatibility issues. I suppose most of
> correspondents (>90%) use GnuPG and thus should not have any problems
> with the keys.
> Do you have further information about the coming standard key type?
> there any other obstacles or implications to consider and what is your
There is nothing particularly special about the change. RSA keys are
part of the OpenPGP standard just as DSA is. The difference is that
DSA is a required part of the standard, and RSA is optional. The
reasons behind this are at least partly historical, and no longer
apply. Nevertheless, RSA is still optional.
So yes, it is true that there could be an OpenPGP implementation out
there that does not support RSA. In practice, however, I'd be very
surprised if you had any problems. Even more so since you say that
over 90% of your correspondents use GnuPG. Personally, I've used a
RSA key since 2002 and have never had even a single instance of
someone not being able to use my key because their OpenPGP program
didn't implement RSA.
In short, I wouldn't worry about it. Use either DSA or RSA, and you
should be fine.
More information about the Gnupg-users