Primary Key Security, Old DSA Key

Edmond edmond at
Sat Jul 23 16:19:57 CEST 2011

Hello everyone,

one of my keys (the one I'm signing this message with) was created a
while back and uses a 1024 bit DSA primary key. For encryption I'm using
a 4096 bit RSA subkey, and for singing a 2048 bit DSA subkey (due to the
smaller signature).

gpg2 --list-packets for my primary key and the encryption subkey spawns:

    iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: ...
    protect count: 96

and for my signing key:

    iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: ...
    protect count: 161

The 'protect count' of my signing key is higher as it was created using
a relatively new version of GnuPG 2 on a newer CPU.

An OpenPGP S2K count of 96 implies 65536 rounds. On my mobile computer,

    gpg-connect-agent 'getinfo s2k_count' /bye

calculates 1102848 rounds; and on my desktop computer the number is
almost four times as big. Hence I will soon increase the number of
protection rounds to improve my secret key security, or even move those
keys to a smartcard.

But since AFAIK both 1024 bit DSA and SHA1 hashes are not recommended
for use anymore (at least in new systems), I was wondering if I should
issue a new primary key. What would you recommend? I have no signatures
collected on my primary key (except my own).

Since my encryption subkey is using a current algorithm/key length, my
enrypted messages should be save regardless of the primary key's
security, right? I.e., the worst thing that could happen is that someone
issues new subkeys that claim to belong to my primary key when they
actually don't. Is that correct?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 344 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110723/3bf96020/attachment.pgp>

More information about the Gnupg-users mailing list