1024 key with 2048 subkey: how affected?

brian m. carlson sandals at crustytoothpaste.net
Mon Jan 23 17:52:17 CET 2012


On Mon, Jan 23, 2012 at 02:18:54PM +0000, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys, why not simply make it stupidly
> large? Equivalent to 256 bits with a symmetric cipher, or 512 bits?

Because it's also used to sign other people's keys.  Using a very large
key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
be unusable.  You have to not only verify signatures on other keys but
also the signatures on the subkeys.  This is less of a problem with
implementations that verify signatures only once and then cache the
results, but most implementations do not do that.

Also, there's nothing preventing people from actually signing data with
the primary key, so someone who is unfamiliar with your strategy might
accidentally use a single, very large key.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
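As an added example (not code from this thread or from GnuPG), one way to check for the second point above, that the primary key should only certify: it parses a constructed `gpg --list-keys --with-colons` listing and reports primary keys whose own capabilities go beyond certification, and primary keys smaller than the subkeys they certify. It assumes the documented colon-record layout (field 3 key length, field 5 key ID, field 12 capability letters); the listing and key IDs are made up.

```python
# Added example for this thread, not code from the list or from GnuPG.
# Reads "gpg --list-keys --with-colons" output and flags primary keys that
# can do more than certify subkeys, plus primary keys weaker than their subkeys.
# Assumed layout (1-indexed): field 1 type, field 3 bits, field 5 key ID, field 12 caps.

# Constructed listing, not a real key: a 1024-bit primary that can sign
# and certify (lowercase s, c), with 2048-bit signing/encryption subkeys.
SAMPLE_LISTING = """\
pub:u:1024:1:0123456789ABCDEF:1200000000:::u:::scSCE::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1200000000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1200000000::::::s::::::23:
sub:u:2048:1:0011223344556677:1200000000::::::e::::::23:
"""

def parse_keys(listing):
    """Group each pub record with the sub records that follow it."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if f[0] == "pub":
            keys.append({"bits": int(f[2]), "key_id": f[4], "caps": f[11], "subkeys": []})
        elif keys:
            keys[-1]["subkeys"].append({"bits": int(f[2]), "key_id": f[4], "caps": f[11]})
    return keys

def primary_key_findings(listing):
    """Return human-readable findings about each primary key in the listing."""
    findings = []
    for key in parse_keys(listing):
        # Lowercase letters are the key's own capabilities; uppercase letters
        # summarize what the primary key plus its subkeys can do together.
        own = {c for c in key["caps"] if c.islower()}
        extra = "".join(sorted(own - {"c"}))
        if extra:
            findings.append(f"primary {key['key_id']} ({key['bits']} bits) has "
                            f"capabilities '{extra}' beyond certify")
        sub_bits = [s["bits"] for s in key["subkeys"]]
        if sub_bits and key["bits"] < max(sub_bits):
            findings.append(f"primary {key['key_id']} is {key['bits']} bits but "
                            f"certifies subkeys of up to {max(sub_bits)} bits")
    return findings

if __name__ == "__main__":
    for finding in primary_key_findings(SAMPLE_LISTING):
        print(finding)
```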

