
Re: Preferred way to generate a gpg key?

On Fri, 2005-06-24 at 18:39 -0500, Erick Vresnev Castellanos Hernández
> While I was reading Developer's Reference [1], in the part about gpg
> keys, it says:
> "You need a type 4 key for use in Debian Development. Your key length [...]"
> I supposed that it refers to the "gpg --gen-key" command, and the
> options that result from executing it. Also I remember that, *in the
> past*, there was a "4" option which was something about ElGamal sign and
> encryption, or something like that. But now, in Sarge's version of
> gpg, there are only options 1, 2, and 5.

You probably want option 1, the default.  The "type 4" refers to key
version.  The only version of key that GnuPG is capable of generating is
version 4, so there should be no problems.  The old versions (versions 2
and 3, which are otherwise identical) are generated by PGP 2.3.x and
2.6.x, respectively.

The Elgamal sign and encrypt has been removed from the proposed new
standard, because it is very hard to make secure, and GnuPG made a
mistake in doing so.

> So, I ask: now what is the preferred way to generate a gpg key to
> become a Debian developer? Is the "4" expression, and my interpretation
> of that paragraph, correct?

Again, you probably want option 1.  Your interpretation is probably very
common, just not correct.

> Just want to know. And if it is a bug, I hope somebody could change it
> to avoid confusion.

You are correct; it probably should be fixed.

Furthermore, my suggestion is that if you own a PC or other fast
i386-type machine, you should use that, as opposed to a PowerPC or
Sparc, because i386s gain entropy faster in my experience, and you need
a lot of entropy.  Just a suggestion; it is not required.


Attachment: signature.asc
Description: This is a digitally signed message part
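
Added example, not part of the original message: a small parser that reads the key version the reply refers to (and the public-key algorithm ID) out of a binary, non-armored OpenPGP public-key packet. The packet layout and algorithm numbers follow RFC 4880; the function names and the two sample packets are constructed for illustration and are not real keys.

```python
import struct

# Public-key algorithm IDs from RFC 4880 section 9.1 (subset).
ALGOS = {1: "RSA", 16: "Elgamal (encrypt-only)", 17: "DSA",
         20: "Elgamal (encrypt or sign)"}

def read_header(data):
    """Return (tag, body_offset, body_length) of the first packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet")
    if first & 0x40:  # new-format header: tag in bits 5-0
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            return tag, 2, o1
        if o1 < 224:
            return tag, 3, ((o1 - 192) << 8) + data[2] + 192
        if o1 == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body length not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    size = 1 << ltype  # 1, 2 or 4 length octets
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")

def key_info(data):
    """Return (key version, algorithm name) of a binary public-key packet."""
    tag, off, length = read_header(data)
    if tag != 6:  # 6 = Public-Key packet
        raise ValueError(f"expected public-key packet, got tag {tag}")
    body = data[off:off + length]
    if len(body) != length or length < 8:
        raise ValueError("truncated packet")
    version = body[0]
    if version in (2, 3):   # version, 4-octet time, 2-octet validity, algo
        algo = body[7]
    elif version == 4:      # version, 4-octet time, algo
        algo = body[5]
    else:
        raise ValueError(f"unsupported key version {version}")
    return version, ALGOS.get(algo, f"unknown ({algo})")

# Constructed sample packets (dummy MPIs, not real keys).
MPIS = b"\x00\x08\xff\x00\x02\x03"
V4_RSA = bytes([0x98, 12]) + b"\x04\x42\xbc\x9a\x00\x01" + MPIS
V3_RSA = bytes([0xC6, 14]) + b"\x03\x2f\x00\x00\x00\x00\x00\x01" + MPIS

if __name__ == "__main__":
    for name, pkt in (("v4", V4_RSA), ("v3", V3_RSA)):
        print(name, key_info(pkt))
```

To check a real key, pass `key_info` the bytes written by `gpg --export` without `--armor`; the first packet in that output is the primary public key.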