Master signing key length

Robert J. Hansen rjh at
Mon Mar 5 11:46:46 CET 2012

On 3/5/2012 2:21 AM, Jon Molesa wrote:
> Does master signing key length have any effect on the length of
> sub-keys?

Yes, no and maybe.

Yes: if a 1024-bit master signing key can be compromised, there's
nothing to prevent the attacker from revoking your 4k subkeys and adding
new 4k subkeys the attacker controls.  This is really just the tip of
the iceberg, as far as attacks go.

No: breaking a 1024-bit master signing key is not trivial.  Nobody with
two brain cells to rub together will try to break a 1024-bit key so long
as any other reasonable option exists.  I would be surprised if any
1024-bit key has ever been broken, and only slightly less surprised if
one were to be broken in the next, say, five years.

Maybe: like Yogi Berra said, "the difference between theory and
practice?  In theory there is no difference: in practice there is."

More information about the Gnupg-users mailing list