multiple subkeys and key transition
faramir.cl at gmail.com
Fri Dec 10 02:40:10 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
El 09-12-2010 15:30, Ben McGinnes escribió:
> Good to know. Should I make the transition now/soon, my current plan
> is either of these two options:
> 1) 4,096-bit RSA signing key with a 4,096-bit Elgamal encryption key.
> 2) 4,096-bit RSA signing key with a 4,096-bit RSA encryption key and a
> 4,096-bit Elgamal encryption key.
Or you can use a 4,096-bit RSA main key (the one you use to sign other
keys), with a 2048-bit RSA subkey, for signing things, and a 2048-bit
whatever subkey for encryption. You can replace subkeys latter, and a
4096 main key should remain safe for some time.
P.S: I would use a smart card to store my keys for daily use, but I
wouldn't create the keys in a smart card, since I wouldn't be able to
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users