The best practice of master/sub key capabilities
Peter Lebbing
peter at digitalbrains.com
Sun Aug 30 11:24:00 CEST 2015
On 22/08/15 17:25, Dongsheng Song wrote:
> Now I want to create my new key like this:
>
> sec rsa4096/93D374EB 2015-08-22 [C]
> uid [ultimate] example <example at someone.xyz>
> ssb rsa2048/466D08E1 2015-08-22 [S]
> ssb rsa2048/AD92E667 2015-08-22 [E]
> ssb rsa2048/07DEFA25 2015-08-22 [A]
> ssb ed25519/AE83BE7C 2015-08-22 [S]
> ssb cv25519/0FACE148 2015-08-22 [E]
> ssb ed25519/610E5096 2015-08-22 [A]
Sorry I forgot to answer earlier. This seems a reasonable setup. If this
makes you feel happy, go for it :). I still think RSA-4096 is a bit
much, though. People who have your public key and use an underpowered
system will see that building the trust database can take significantly
longer in checking your certifications.
I don't know when GnuPG checks subkey bindings, but that takes
significantly longer as well. Subkey bindings verify the correspondence
between a primary key and a subkey, and are part of your public key.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list