[EXT] Best practices for obtaining a new GPG certificate

john doe johndoe65534 at mail.com
Thu Mar 18 15:15:15 CET 2021


On 3/18/2021 2:39 PM, Andreas K. Huettel wrote:
> https://www.gentoo.org/glep/glep-0063.html
> https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys
>

Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about
a default of '2048' but in the latest (2.2.17) release of GPG it looks
like the default is now '3072':

gpg --expert --full-gen-key
Please select what kind of key you want:
    (1) RSA and RSA (default)
    (2) DSA and Elgamal
    (3) DSA (sign only)
    (4) RSA (sign only)
    (7) DSA (set your own capabilities)
    (8) RSA (set your own capabilities)
    (9) ECC and ECC
   (10) ECC (sign only)
   (11) ECC (set your own capabilities)
   (13) Existing key
   (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)


Am I missing something?


1)  https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
John Doe



More information about the Gnupg-users mailing list