a bunch of questions

Robert J. Hansen rjh at sixdemonbag.org
Fri Nov 10 07:42:31 CET 2017

> I believe that the key I'm signing this message with is 2048 bits and
> will expire next year. If I've got either of those details wrong, please
> correct my error(s).

No.  There's no expiration date on your certificate, and it's a 4096-bit
RSA keypair.

> What size key do you recommend I create in order to be future proof (for
> the rest of my life -- I'm in my early 50s)?

I personally think it's unlikely 4096-bit RSA keys will be broken in the
next twenty years.  Over that timeframe, RSA-4096 is probably stronger
than elliptical curve cryptography: we might (*might*) have quantum
computers large enough to tackle ECC by 2040, but RSA-4096 would require
a far larger quantum computer.

> I believe that the master key for the subkey I'm currently using will
> also expire next year. How would I go about confirming/refuting that
> assumption?

quorra:~ rjh$ gpg --edit-key "Charlie Derr"

pub  rsa4096/BB8B3D7331A9367F
     created: 2010-12-16  expires: never       usage: SCA
     trust: unknown       validity: unknown
sub  rsa4096/F44E4BC7C1F121DD
     created: 2010-12-16  expires: never       usage: E
[ unknown] (1). Charlie Derr <cderr at simons-rock.edu>

> I currently use gnupg with two different email accounts (this one and a
> gmail address) and I use different mail clients for each: thunderbird
> with enigmail here and claws-mail (and whatever debian gnupg plugin is
> appropriate for claws) with gmail. How can I set things up so that I can
> switch back and forth between two keys (for signing) until this one
> expires in 2018?

I don't use Claws, so I can't answer that; but Thunderbird+Enigmail
allows you to use whichever key you wish -- just set it up according to
the instructions on the Enigmail webpage.  If the instructions there are
unclear or confusing, I'm happy to help you with it further.

More information about the Gnupg-users mailing list