[EXT] Best practices for obtaining a new GPG certificate

Andreas K. Huettel andreas.huettel at ur.de
Thu Mar 18 10:21:37 CET 2021

Hi David, 

when Gentoo switched to requiring gpg-signed git commits and pushes, we put 
some thought into requirements and best practices. Minus the Gentoo-specific 
parts, this is probably good reading:



Am Donnerstag, 18. März 2021, 05:06:24 CET schrieb David Mehler via Gnupg-
> Hello,
> My existing GPG certificate is going to expire in less than a month.
> I'd like to know current best practices for obtaining a new one? In
> particular I'm looking for the best protocol and strength for a
> security not a performance stance. The certificate will mainly be used
> for verifying and signing sent messages, and tagging git commits on
> personal servers. Devices used will be Windows 10 pcs and tablets and
> Android (version 10 and 11) phones and tablets.
> Suggestions welcome.
> Thanks.
> Dave.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

PD Dr. Andreas K. Huettel
Institute for Experimental and Applied Physics
University of Regensburg
93040 Regensburg

tel. +49 151 241 67748 (mobile)
tel. +49 941 943 1618 (office)
fax +49 941 943 3196
e-mail andreas.huettel at ur.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 981 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210318/93f8940f/attachment.sig>

More information about the Gnupg-users mailing list