Generating a new key

Grant Olson kgo at grant-olson.net
Sun Mar 21 04:33:59 CET 2010


On 3/20/2010 11:22 PM, Doug Barton wrote:
> 
> Yes, that's a consideration, however in 5 years we'll have had at least
> 2 iterations of Moore's Law, and in my experience so far I do much more
> signing than I do encryption.
> 
> Thanks for the review. :)
> 
> 
> Doug
> 

I stumbled on this wikipedia page a few weeks ago:

http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths

I'm not sure how up-to-date the info is, but it basically says that even
with Moore's law, 2048 bit keys should be good until 2030.

I would think if you want to future-proof anything, it'd be the primary
key.  You can create a separate signing subkey with a more reasonable
bit length.  And then if you need to crank up the signing/encryption key
bit-lengths in the future, you can create new subkeys and expire the old
ones, and you'll keep all your signatures on the existing primary key.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100320/9c608277/attachment.pgp>


More information about the Gnupg-users mailing list