[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updating GPG howto (http://keyring.debian.org/creating-key.html)

Hello list,

  I'm about to generate a new GPG keypair to supplement my old v3 1024R
as suggested by Gunnar Wolf as of 2010-09-14 [1] and I was following the
documentation on http://keyring.debian.org/creating-key.html .

  I'm using GnuPG 1.4.11 from my Debian Wheezy, and a few things have
changed since that tutorial was written. I'm not very sure about the
security concerns about my decision, so I'm asking experts on the list
how the tutorial should be updated for recent GnuPG.

  1/ There is no date or GnuPG version on the tutorial. The source
(Ana's blog) is more precise, it's 2009-05-10 and GnuPG < 1.4. There's a
leter update about GnuPG 1.4.0 and higer as of 2009-09. Wouldn't it be
more clear if the page explictly mentions the GnuPG versions pertaining
to that documentation ?

  2/ It is suggested to update gnupg.conf with:

  personal-digest-preferences SHA256
  cert-digest-algo SHA256
  default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

  Is it still needed with GnuPG 1.4.11 ?

  3/ The -gen-key menu has changed from the tutorial, it is now:

  Please select what kind of key you want:
     (1) RSA and RSA (default)
     (2) DSA and Elgamal
     (3) DSA (sign only)
     (4) RSA (sign only)

  Again Ana's blog has been updated and it looks legal (and a good idea)
to select the (1) option which also generates an ecnryption key in one
go. Is that correct ?

[1] http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html

Reply to: