Key practice
Robert J. Hansen
rjh at sixdemonbag.org
Sun Nov 15 00:43:47 CET 2009
David Alexander Russell wrote:
> However I don't know what the 'best practice' is with regards to
> keypairs and so on.

GnuPG best practices, in a single sentence: "Unless you know what
you're doing and why, stick with the defaults."

This one sentence is useful for about 95% of new users' questions.
GnuPG is meant to be secure by default: you don't need to know a ton of
niggling little details just to use it safely.

> The problem is that I'm not particularly hot on cryptography, so it
> has all combined to pass far over my head!

You're in good company. :) People who write these sorts of articles
mean well, but it's very hard to figure out which authors actually know
what they're talking about and which are just talking a good game. On
top of that, even if you find an article written by someone who knows
the subject, the author's recommendations might not make sense in your
particular environment.

> Could some kind soul please explain, in layman's terms, what I should
> generate and how I should use it? I'm on Ubuntu 8.04 so it's GnuPG
> 1.4.6 (not the newer version which defaults to RSA - I've read enough
> FAQs to establish that DSA is a Bad Thing) if that matters.

DSA is not a Bad Thing. Whoever it was who told you this did you a
disservice. If you'd like to tell us what you've heard about DSA, we
would be happy to correct the misinformation you were given.

My suggestion is to "gpg --gen-key". At each step of the way, if you
ever don't know what to do, just hit RETURN and go on. GnuPG will
produce a high-quality keypair for you.