Establishing new key - key setup recommendations

Paul Richard Ramer free10pro at gmail.com
Sun Apr 17 13:33:03 CEST 2011


On 04/15/2011 02:01 PM, Thomas Harning Jr. wrote:
> I've generated and published a 8192-bit non-expiring RSA 'master' key
> for signing other keys as well as 2048-bit RSA keys for signing and
> encryption (expiring in a few years).  The master key is protected by
> 
> I have not had it signed by other users yet and am concerned that I
> might want to generate a new keyset before I get the 8192-bit key in
> wide circulation.  I have, however, signed tags in my Git source
> repository with a subkey... so would it make sense to migrate those
> subkeys (through trickery I've seen)... or would the fact that they
> are available under the 8192-bit key be a general problem?

An 8192-bit key could be incompatible with most OpenPGP software.  For
that reason I wouldn't recommend it.  However, compatibility won't make
a difference if you will be the only one using your public key.  On the
other hand if the key is for communication or code signing,
compatibility is important.

I believe that 4096 bits would be the largest size that you should use.
Just know that if you want to use an OpenPGP smartcard, 3072 bits is
currently the largest key size for a key stored on the card (if you
use subkeys for encryption, signing, or authentication then the 3072
bits size doesn't apply to the master key).

As far as "migration" is concerned, I don't know what you are referring
to.  Would you expound on this?

> Some options I am considering after reading blogs/etc:
>  * Generate RSA 4096-bit master signing key and revoke the 8192-bit
> key noting that it has been superseded

I would recommend this since you want to use the key with other people,
in which case you need compatibility.

>  * Generate DSA 3072-bit master signing key and revoke... (this is
> well supported, right?)

It will work fine for anyone who uses GnuPG, as far as I know, but I
don't know about PGP.  You'll have to ask about PGP's support for 3072-bit
DSA keys.  But whether you should or shouldn't use a 3072-bit DSA key
versus a 4096-bit RSA key is simply personal preference, notwithstanding
any compatibility issues, if there are any.

>  * Wait for ECC to be in standard and supported by PGP and GnuPG

Don't wait; use cryptography now.  There will always be a better
solution coming.  Just switch when it becomes available.

And once again, remember compatibility.  It is fine to switch to ECC
when it becomes available, but don't throw away using regular
RSA/DSA/Elgamal keys until most everyone else has switched to ECC.

>  * Generate ECC key and keep it alongside my better-supported 8192-bit
> key until better software support arrives (perhaps keeping both
> well-signed?)
>   - this implies the ECC public key storage for signing it has been
> set in stone...

Notwithstanding my comments about a 8192-bit key, I would probably do
this too after ECC has become available in GnuPG and has been well
tested.  I would have an ECC key and prefer its use, but have a non-ECC
key for those who are still using non-ECC keys.

Just know that everything that I have said is just one man's opinion,
but the compatibility issue is several men's.

Cheers,


-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884
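The size limits discussed in this reply (4096 bits as the largest primary key to use, 3072 bits as the largest key the OpenPGP card of the time can hold) can be checked mechanically against a keyring. The script below is an added example, not from the thread or from GnuPG; it parses the `gpg --list-keys --with-colons` record format and runs on a constructed listing with fake key IDs and fingerprints.

```python
# Added example (not from the thread): audit key sizes in the output of
# `gpg --list-keys --with-colons`.  Field layout per GnuPG doc/DETAILS:
# field 1 record type, 3 key length in bits, 4 algorithm number (1 = RSA,
# 16 = Elgamal, 17 = DSA), 5 key ID, 12 capabilities.
MAX_PRIMARY_BITS = 4096  # largest primary key size the reply recommends
MAX_CARD_BITS = 3072     # OpenPGP card limit the reply states (as of 2011)
ALGO = {1: "RSA", 16: "Elgamal", 17: "DSA"}


def parse_colons(text):
    """Return [{keyid, bits, algo, subkeys: [{keyid, bits, algo, caps}]}]."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "bits": int(f[2]),
                         "algo": ALGO.get(int(f[3]), f[3]), "subkeys": []})
        elif f[0] == "sub" and keys:
            keys[-1]["subkeys"].append({"keyid": f[4], "bits": int(f[2]),
                                        "algo": ALGO.get(int(f[3]), f[3]),
                                        "caps": f[11]})
    return keys


def audit(keys):
    """Return one warning string per key that exceeds a threshold."""
    out = []
    for k in keys:
        if k["bits"] > MAX_PRIMARY_BITS:
            out.append(f"{k['keyid']}: {k['bits']}-bit {k['algo']} primary key "
                       f"exceeds {MAX_PRIMARY_BITS} bits; expect interoperability problems")
        for s in k["subkeys"]:
            if s["bits"] > MAX_CARD_BITS:
                out.append(f"{s['keyid']}: {s['bits']}-bit {s['algo']} subkey ({s['caps']}) "
                           f"will not fit an OpenPGP card limited to {MAX_CARD_BITS} bits")
    return out


# Constructed sample listing (fake key IDs/fingerprints): an 8192-bit RSA
# primary with 2048-bit subkeys, as in the thread, plus a 4096-bit primary
# whose 4096-bit encryption subkey exceeds the card limit.
SAMPLE = """\
pub:u:8192:1:0000000000000001:1302000000::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:u:2048:1:0000000000000002:1302000000:1396000000:::::s:
sub:u:2048:1:0000000000000003:1302000000:1396000000:::::e:
pub:u:4096:1:0000000000000004:1302000000::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
sub:u:4096:1:0000000000000005:1302000000::::::e:
"""

if __name__ == "__main__":
    for warning in audit(parse_colons(SAMPLE)):
        print(warning)
```

To run it against a real keyring, feed it the output of `gpg --list-keys --with-colons` instead of `SAMPLE`.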
