Re: "upgrading" my gpg key
On Mon, Jan 04, 2010 at 08:36:32PM +0000, brian m. carlson wrote:
> On Mon, Jan 04, 2010 at 08:59:16PM +0100, Vincent Danjean wrote:
>> My main gpg public key seams to be a 1024 DSA key (1024D/9D025E87).
>> I would like to have a more robust main key. I've created to 4096 RSA
>> subkey to sign and encrypt.
>> The immediate "solution" is to create a separate new (main) key,
>> sign it and make it signed by other DD and then ask for it to be
>> added in Debian keyring. But perhaps gpg guru¹ would have better
>> suggestions ?
> (...) For maximum long-term security, I recommend a 3072-bit DSA key
> (preferably with SHA-512) or a 4096-bit RSA key.
I seriously recommend a RSA key over a DSA key; DSA has this horrible
property that you leak bits of your private key with every signature
done on a computer with cryptographically weak random numbers source!