[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "upgrading" my gpg key

On Mon, Jan 04, 2010 at 08:36:32PM +0000, brian m. carlson wrote:
> On Mon, Jan 04, 2010 at 08:59:16PM +0100, Vincent Danjean wrote:

>> My main gpg public key seams to be a 1024 DSA key (1024D/9D025E87).
>> I would like to have a more robust main key. I've created to 4096 RSA
>> subkey to sign and encrypt.

>>   The immediate "solution" is to create a separate new (main) key,
>> sign it and make it signed by other DD and then ask for it to be
>> added in Debian keyring.  But perhaps gpg guru¹ would have better
>> suggestions ?

> (...) For maximum long-term security, I recommend a 3072-bit DSA key
> (preferably with SHA-512) or a 4096-bit RSA key.

I seriously recommend a RSA key over a DSA key; DSA has this horrible
property that you leak bits of your private key with every signature
done on a computer with cryptographically weak random numbers source!


Reply to: