does gpg & gpg2 use same gpg.conf file in home directory & what are the best practices to create gpg2 signature ?

war.dhan wardhan.v.1.0 at
Fri May 23 11:29:27 CEST 2014

hi all,

i have sent an e-mail to debian-users for generating a new key. a member
has suggested to ask directly here. herewith i am sending the e-mail
without any much modifications. i am using up to date debian sid.

i am planning to create a gpg2 key. i have googled and read some
articles & ideas on the web. i have some comprehensions & doubts about
creation & use of gpg2 key. i request members to provide your valuable
advice & suggestions & if possible warnings

[1] i have 2 packages in my system : gnupg 1.4.16-1.1 & gnupg2
2.0.22-3. there is no .gnupg directory.

should i create a ~/.gnupg directory along with gpg.conf with the
configuration given at [0].

[2] does creation of directory & config file before creation of gpg2 key
pose any issues ? i mean when i start to create key, does gpg2 look into
my home directory for config file ?

[3] does the configuartion file will through up any errors if i try to
create a signature [ god forbid ] with gnupg 1.4 version ?

[4] do i need to absolutely create another singing only key as mentioned
at [1], the link is not more than year old but it seems to be author is
creating a key suing gpg 1.4. is creation of a single key with gpg2 is
enough ?

[5] should i simply follow the advice for creating keys given at [3] ?
it makes sense after reading the comment at [4] about " It turns out
there is some UK legislation whereby folks are compelled to give a copy
of private keys to the UK government if they are used for signatures."

[6] i am concerned about the comment "Why a 4096b key? I have had
interoperability problems with keys that size in the past so usually do
not use more than 2048b. Is there an RSA 2048b compromise you are aware
of or are you just being through?" on link [4]. the comment is almost 4
years old & is this still relevant today ? usually adopt the highest
number if given a choice blindly.

[7] does the article at [5] about "OpenPGP Key IDs are not useful" apply
to gpg2 also ?

[8] the most important :
does merely pasting the of
paperkey -v --output printable.txt --secret-key backup.secret
a2ps -2 --no-header -o printable.txt

in email signature or email body is enough for cryptographically
protecting  ?



p.s. please c.c. me. i am not subscribed to mailing list.

More information about the Gnupg-users mailing list