[EXT] Best practices for obtaining a new GPG certificate

john doe johndoe65534 at mail.com
Thu Mar 18 15:15:15 CET 2021

On 3/18/2021 2:39 PM, Andreas K. Huettel wrote:
> https://www.gentoo.org/glep/glep-0063.html
> https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys

Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about
a default of '2048' but in the latest (2.2.17) release of GPG it looks
like the default is now '3072':

gpg --expert --full-gen-key
Please select what kind of key you want:
    (1) RSA and RSA (default)
    (2) DSA and Elgamal
    (3) DSA (sign only)
    (4) RSA (sign only)
    (7) DSA (set your own capabilities)
    (8) RSA (set your own capabilities)
    (9) ECC and ECC
   (10) ECC (sign only)
   (11) ECC (set your own capabilities)
   (13) Existing key
   (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)

Am I missing something?

1)  https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

John Doe

More information about the Gnupg-users mailing list