The best practice of master/sub key capabilities

Peter Lebbing peter at
Thu Aug 20 17:01:15 CEST 2015

> When I create new master/sub key, in the following 2 choice, I'm
> wondering which is better?

I'd recommend the defaults as best practice. They're there for a reason.
Why are you restricting yourself to "the following 2 choices"? They both
seem ill-advised (and unusual as well). Most importantly, it's generally
advised not to do encryption and signing with the same key material.
Furthermore, it is disputed whether RSA-4096 offers a useful
cost/benefit tradeoff. Personally, I'm on the side that thinks it does
not. But who am I.

You also didn't indicate what your usage scenario is, so without that
information, "the defaults" again seem like a pretty solid answer.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list