GnuPG/gpg signature
Hi,
I want to create myself a good gpg signature for use as a Debian
Developer. I am uncertain as to what the best way to do this is. I'm under
the impression that RSA is a better algorithm than Elg-e or DSA, and I
do know about the potential incompatibilities, but I think they are few.
I am thinking that I should stick with the default keysize of 1024 as I
think it's good enough, and I read that keys larger than 1024 can have
hash problems, but I never saw any explanation.
I would like to create myself one primary key that doesn't have an e-mail
address in the ID. I would then like to be able to create sub keys, but I
don't quite understand what a subkey is, and the Developer's reference
(iirc) warns that having more than 2 subkeys may corrupt my key on the
keyservers? Would I be able to remove subkeys and replace them?
I remember seeing some pgp keys with photo ID attached somehow to them
and I also see gpg options for viewing photo's. I would like to be able
to include a photo with my key or subkey, but I see no documentation on
how to do so. I am also unsure as to whether the photo should be part of a
subkey as I would like to replace it every few years to keep it current.
So my questions are:
Are my choices of keysize, algorithm and subkey usage good choices?
What's the proper usage for and of subkeys?
If possible, what's the best way to include photo ID in a key/subkey?
Or even, where might I find better documentation on these? gnupg.org's
website links to a manpage, mini-howto and a user-guide all of which were
insufficient to answer my questions. Since I'm looking to use a subkey for
debian I'm posting my questions here. I'll revert to gnupg's mailing list
if my general gnupg questions can't be/aren't answered here.
Thanks
Drew Daniels
Reply to: