multiple subkeys and key transition
Faramir
faramir.cl at gmail.com
Fri Dec 10 02:40:10 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 09-12-2010 15:30, Ben McGinnes escribió:
...
> Good to know. Should I make the transition now/soon, my current plan
> is either of these two options:
>
> 1) 4,096-bit RSA signing key with a 4,096-bit Elgamal encryption key.
>
> 2) 4,096-bit RSA signing key with a 4,096-bit RSA encryption key and a
> 4,096-bit Elgamal encryption key.
Or you can use a 4,096-bit RSA main key (the one you use to sign other
keys), with a 2048-bit RSA subkey, for signing things, and a 2048-bit
whatever subkey for encryption. You can replace subkeys latter, and a
4096 main key should remain safe for some time.
Best Regards
P.S: I would use a smart card to store my keys for daily use, but I
wouldn't create the keys in a smart card, since I wouldn't be able to
backup them...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJNAYT6AAoJEMV4f6PvczxAVaoH/327iMrmudM3itetq/L8ZAOL
07hh+kWx14AmQbFPMaiJVOc/XrJ9NA+0ek7m8tt1aM+TdWvhVrH1Qd40bvykDrya
fmLsAnYs8mehy3+uZmxt77XeAhg4zuFqDGS/5slDB/Bj7JV7MCv2D++s52lTr1pi
gZpu6Xsgb3cmOeRco5LpOlmwYjjEcp/WsU6P2+2dBKDofI1JZF+u3itQBtEv3yPl
mDHASO0TIGCz+MNfGqgSYG9xmRckz/4JqMEsVGWyl2Tj3RMpp2p4BHYCdoVSMlIq
3lViMYQ+pVUELRU8HjRNMYpzToxpT0IWw6KA9SZqXPTARMv/bShpjdfETANLqq0=
=6oT7
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list