Re: "upgrading" my gpg key

To: debian-devel@lists.debian.org
Subject: Re: "upgrading" my gpg key
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Mon, 4 Jan 2010 22:34:14 +0100
Message-id: <[🔎] 20100104213414.GA22430@capsaicin.mamane.lu>
Mail-followup-to: Lionel Elie Mamane <lionel@mamane.lu>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100104203537.GD28755@crustytoothpaste.ath.cx>
References: <[🔎] 4B424894.7080208@free.fr> <[🔎] 20100104203537.GD28755@crustytoothpaste.ath.cx>

On Mon, Jan 04, 2010 at 08:36:32PM +0000, brian m. carlson wrote:
> On Mon, Jan 04, 2010 at 08:59:16PM +0100, Vincent Danjean wrote:

>> My main gpg public key seams to be a 1024 DSA key (1024D/9D025E87).
>> I would like to have a more robust main key. I've created to 4096 RSA
>> subkey to sign and encrypt.

>>   The immediate "solution" is to create a separate new (main) key,
>> sign it and make it signed by other DD and then ask for it to be
>> added in Debian keyring.  But perhaps gpg guru¹ would have better
>> suggestions ?

> (...) For maximum long-term security, I recommend a 3072-bit DSA key
> (preferably with SHA-512) or a 4096-bit RSA key.

I seriously recommend a RSA key over a DSA key; DSA has this horrible
property that you leak bits of your private key with every signature
done on a computer with cryptographically weak random numbers source!

-- 
Lionel

Reply to:

Follow-Ups:
- Re: "upgrading" my gpg key
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

References:
- "upgrading" my gpg key
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: "upgrading" my gpg key
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

Prev by Date: dpkg 3.0 (quilt) packages not being accepted?
Next by Date: Re: "upgrading" my gpg key
Previous by thread: Re: "upgrading" my gpg key
Next by thread: Re: "upgrading" my gpg key
Index(es):
- Date
- Thread