2048 or 4096 for new keys? aka defaults vs. Debian

Peter Lebbing peter at digitalbrains.com
Sun Oct 27 13:32:12 CET 2013


On 27/10/13 13:21, Johan Wevers wrote:
> Which makes me think, is it possible to generate a 2048 bit RSA signing
> key combined with a 3072 or 4096 bit encryption key?

Yes, although I don't think it makes sense to create an X-bit primary key with a
Y-bit subkey if X is smaller than Y, as the attacker can "simply" crack the
primary key and attach a new subkey, which will be preferred because it is newer.
Optionally he can revoke the old encryption subkey.

But the following layout is sensible on some level:

3072-bit RSA primary for certification (C)
2048-bit RSA subkey for data signatures (S)
3072-bit RSA subkey for encryption (E)

Note that I'm not going into the discussion whether any protection beyond 2048
is sensible or whether it is already impossible to crack an X-bit primary key
for useful X's.

If signatures aren't that important to you anyway, you can wonder if it is
useful to spend time on making it more efficient by lowering the length.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
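An added example, not part of Peter's message: a small POSIX shell script that
checks a key listing against the rule argued above (no subkey longer than the
primary certification key) and, optionally, creates the 3072/2048/3072 layout in
a throwaway keyring. The check parses `gpg --with-colons` records (field 3 is the
key length, field 12 the capabilities). The two listings embedded below are
constructed for the example and contain no real key material; the generation
step assumes GnuPG 2.1 or later with --quick-generate-key/--quick-add-key and is
only run when GENERATE=1 is set in the environment.

```shell
#!/bin/sh
# Added example: check an OpenPGP key layout against the rule in the post
# (a subkey should not be longer than the primary key that certifies it),
# and optionally create the suggested 3072 C / 2048 S / 3072 E layout.

# Constructed gpg --with-colons listing of the layout from the post.
# pub/sec = primary key, sub/ssb = subkey; field 3 = bits, field 12 = usage.
SENSIBLE_LAYOUT='pub:u:3072:1:0123456789ABCDEF:1382874732:::u:::c::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1382874732::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1382874732::::::s::::::23:
sub:u:3072:1:1111111111111111:1382874732::::::e::::::23:'

# Constructed listing of the layout the post argues against: a 2048-bit
# primary certifying a 4096-bit encryption subkey.
WEAK_LAYOUT='pub:u:2048:1:AAAAAAAAAAAAAAAA:1382874732:::u:::c::::::23::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1382874732::::::e::::::23:'

# check_layout LISTING
# Exit status 0 when every subkey is at most as long as the primary key,
# 1 otherwise; each offending subkey is reported on stdout.
check_layout() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "pub" || $1 == "sec" { primary = $3 + 0 }
        ($1 == "sub" || $1 == "ssb") && primary > 0 && ($3 + 0) > primary {
            bad++
            printf "subkey %s (%d-bit, usage %s) is longer than the %d-bit primary\n", \
                   $5, $3, $12, primary
        }
        END { exit (bad > 0) ? 1 : 0 }'
}

# create_layout USER-ID
# Builds the layout from the post in a fresh temporary GNUPGHOME (assumes
# GnuPG >= 2.1). The keys are unprotected and only meant for experimenting.
create_layout() {
    uid="$1"
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" rsa3072 cert never || return 1
    fpr=$(gpg --with-colons --list-secret-keys "$uid" \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" rsa2048 sign never || return 1
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" rsa3072 encr never || return 1
    # Print the resulting listing so it can be fed back into check_layout.
    gpg --with-colons --list-keys "$uid"
}

# Run the check on both constructed listings.
check_layout "$SENSIBLE_LAYOUT" && echo "sensible layout: ok"
check_layout "$WEAK_LAYOUT" || echo "weak layout: rejected (as expected)"

# Optionally generate the real layout and check it (needs gpg, GENERATE=1).
if [ "${GENERATE:-0}" = 1 ] && command -v gpg >/dev/null 2>&1; then
    listing=$(create_layout "Example User <user@example.invalid>") \
        && check_layout "$listing" && echo "generated layout: ok"
fi
```

The check deliberately only compares bit lengths within one key; it says
nothing about whether 2048 or 3072 is "enough", which the post also leaves
open. Run with `GENERATE=1 sh layout.sh` to see the same check applied to a
freshly generated key instead of the constructed listings.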



More information about the Gnupg-users mailing list