Key practice

Robert J. Hansen rjh at
Sun Nov 15 00:43:47 CET 2009

David Alexander Russell wrote:
> However I don't know what the 'best practice' is with regards to
> keypairs and so on.

GnuPG best practices, in a single sentence:  "Unless you know what
you're doing and why, stick with the defaults."

This one sentence is useful for about 95% of new users' questions.
GnuPG is meant to be secure by default: you don't need to know a ton of
niggling little details just to use it safely.

> The problem is that I'm not particularly hot on cryptography, so it
> has all combined to pass far over my head!

You're in good company.  :)  People who write these sorts of articles
mean well, but it's very hard to figure out which authors actually know
what they're talking about and which are just talking a good game.  On
top of that, even if you find an article written by someone who knows
the subject, the author's recommendations might not make sense in your
particular environment.

> Could some kind soul please explain, in layman's terms, what I should
>  generate and how I should use it? I'm on Ubuntu 8.04 so it's GnuPG
> 1.4.6 (not the newer version which defaults to RSA - I've read enough
> FAQs to establish that DSA is a Bad Thing) if that matters.

DSA is not a Bad Thing.  Whoever it was who told you this did you a
disservice.  If you'd like to tell us what you've heard about DSA, we
would be happy to correct the misinformation you were given.

My suggestion is to "gpg --gen-key".  At each step of the way, if you
ever don't know what to do, just hit RETURN and go on.  GnuPG will
produce a high-quality keypair for you.

More information about the Gnupg-users mailing list