multiple subkeys and key transition

Ben McGinnes ben at
Thu Dec 9 16:40:34 CET 2010

On 10/12/10 12:41 AM, Hauke Laging wrote:
> Am Donnerstag 09 Dezember 2010 07:14:53 schrieb Ben McGinnes:
>> Hello,
>> 	I am giving very serious thought to creating new keys and
>> doing a (long-term) transition to them.  This is partly to respond to
>> known flaws with SHA-1 and take advantage of SHA-256 and higher.
> What is the relation between a key and the hashing algorithms?

The current key is DSA/Elgamal

> In case of doubt choose RSA. It's the only one you can use with the
> g10 smartcard.

That would matter if I had/used smartcards, but I don't so it doesn't.
I prefer to simply have complete physical control over any system
which my secret keys are installed on.

>> 1) I've forgotten how GPG handles the subkeys, does it choose the
>> strongest key or the newest key by default or does it encrypt to all
>> active (non-revoked or non-expired) subkeys?
> It chooses the newest subkey.

Excellent.  I had a nagging feeling that that was right, thanks for
confirming it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/de032c0a/attachment.pgp>

More information about the Gnupg-users mailing list