Mailing List Archive: GnuPG: devel

Default encryption key algo

 

 



wk at gnupg

May 11, 2009, 9:48 AM

Post #1 of 7 (808 views)
Default encryption key algo

Hi,

from all responses we gathered regarding the change of the default
algorithm for new keys (on several lists) it should be pretty clear that
RSA is a good choice.

The next question is whether to use Elgamal or RSA as the standard
encryption subkey for a new key. Currently it is Elgamal. They are
both okay: Elgamal needs to be supported anyway because it is a MUST
algorithm in OpenPGP and RSA can be used because the primary key will be
RSA and an implementation without RSA support won't be able to use an
Elgamal subkey either.

I have a slight preference towards RSA because that allows transferring
the key to a smartcard. Given that subkeys are easily changeable it is
not a real advantage, though.

Any opinions? What is PGP's default?


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
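
An added example, not part of the original post or of GnuPG: a small audit that reads `gpg --with-colons --list-keys` output and reports which encryption subkeys are RSA (which, per the post above, can be transferred to a smartcard) and which are Elgamal. The sample listing and its key IDs are constructed; the field positions (3 = key length, 4 = algorithm ID, 5 = key ID, 12 = capabilities) and the RFC 4880 algorithm IDs are the assumptions it relies on.

```python
# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1).
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA"}
RSA_ALGOS = {1, 2, 3}

# Constructed sample of `gpg --with-colons --list-keys` output; the key IDs
# are made up. Three keys: RSA/RSA, RSA/Elgamal and DSA/Elgamal.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1242000000:::u:::scESC:
uid:u::::1242000000::::RSA with RSA subkey <a@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1242000000::::::e:
pub:u:2048:1:BBBBBBBBBBBBBBB1:1242000000:::u:::scESC:
uid:u::::1242000000::::RSA with Elgamal subkey <b@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBB2:1242000000::::::e:
pub:u:1024:17:CCCCCCCCCCCCCCC1:1100000000:::u:::scESC:
uid:u::::1100000000::::DSA with Elgamal subkey <c@example.org>:
sub:u:2048:16:CCCCCCCCCCCCCCC2:1100000000::::::e:
"""


def encryption_subkeys(listing):
    """Return one record per encryption-capable subkey in a colon listing."""
    found, primary = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary = f[4]                      # remember the owning primary key
        elif f[0] == "sub" and len(f) > 11 and "e" in f[11]:
            algo = int(f[3])
            found.append({
                "primary": primary,
                "subkey": f[4],
                "algo": ALGO_NAMES.get(algo, f"unknown({algo})"),
                "bits": int(f[2]),
                "rsa": algo in RSA_ALGOS,
            })
    return found


def non_rsa_encryption_subkeys(listing):
    """Key IDs of encryption subkeys that are not RSA (e.g. Elgamal)."""
    return [r["subkey"] for r in encryption_subkeys(listing) if not r["rsa"]]


if __name__ == "__main__":
    for rec in encryption_subkeys(SAMPLE):
        note = "RSA" if rec["rsa"] else "not RSA"
        print(f'{rec["primary"]} -> {rec["subkey"]} {rec["algo"]}{rec["bits"]} ({note})')
```
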


dshaw at jabberwocky

May 11, 2009, 10:16 AM

Post #2 of 7 (767 views)
Re: Default encryption key algo [In reply to]

On May 11, 2009, at 12:48 PM, Werner Koch wrote:

> Hi,
>
> from all responses we gathered regarding the change of the default
> algorithm for new keys (on several lists) it should be pretty clear
> that RSA is a good choice.
>
> The next question is whether to use Elgamal or RSA as the standard
> encryption subkey for a new key. Currently it is Elgamal. They are
> both okay: Elgamal needs to be supported anyway because it is a MUST
> algorithm in OpenPGP and RSA can be used because the primary key
> will be RSA and an implementation without RSA support won't be able
> to use an Elgamal subkey either.
>
> I have a slight preference towards RSA because that allows transferring
> the key to a smartcard. Given that subkeys are easily changeable it
> is not a real advantage, though.
>
> Any opinions? What is PGP's default?

PGP's default is RSA. They don't really mix key types very much in
the UI. They either do DSA/Elgamal or RSA/RSA.

The smartcard is a good reason to choose RSA, I'd say. (Speaking of
which, do you know when the new cards will be available?)

David




wk at gnupg

May 11, 2009, 10:17 AM

Post #3 of 7 (760 views)
Re: Default encryption key algo [In reply to]

On Mon, 11 May 2009 19:16, dshaw [at] jabberwocky said:

> The smartcard is a good reason to choose RSA, I'd say. (Speaking of
> which, do you know when the new cards will be available?)

I have two test cards already. I guess we can ship cards this summer.

However the distributor has to decide and thus it may be helpful if you
don't stop buying the old cards right now. There are about 300 produced
cards left over.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




dkg at fifthhorseman

May 11, 2009, 10:29 AM

Post #4 of 7 (765 views)
Re: Default encryption key algo [In reply to]

On 05/11/2009 01:16 PM, David Shaw wrote:
> PGP's default is RSA. They don't really mix key types very much in the
> UI. They either do DSA/Elgamal or RSA/RSA.
>
> The smartcard is a good reason to choose RSA, I'd say. (Speaking of
> which, do you know when the new cards will be available?)

RSA seems reasonable to me also, for whatever that's worth. I've been
using RSA encryption-capable subkeys for nearly 2 years with no negative
incidents.

--dkg
Attachments: signature.asc (0.87 KB)


rjh at sixdemonbag

May 11, 2009, 10:58 AM

Post #5 of 7 (765 views)
Re: Default encryption key algo [In reply to]

Werner Koch wrote:
> I have a slight preference towards RSA because that allows transferring
> the key to a smartcard. Given that subkeys are easily changeable it is
> not a real advantage, though.

I vote for RSA because I'm getting pretty tired of the fixed-size hashes
associated with the various DSAs. This seems to be the cause of a
remarkable number of requests for help on various mailing lists.

RSA makes it easier for end users to switch their hash algorithms, and
that's plenty good enough reason for me.





jmoore3rd at bellsouth

May 11, 2009, 2:55 PM

Post #6 of 7 (765 views)
Re: Default encryption key algo [In reply to]

Werner Koch wrote:

> The next question is whether to use Elgamal or RSA as the standard
> encryption subkey for a new key. Currently it is Elgamal. They are
> both okay: Elgamal needs to be supported anyway because it is a MUST
> algorithm in OpenPGP and RSA can be used because the primary key will be
> RSA and an implementation without RSA support won't be able to use an
> Elgamal subkey either.
>
> I have a slight preference towards RSA because that allows transferring
> the key to a smartcard. Given that subkeys are easily changeable it is
> not a real advantage, though.
>
> Any opinions? What is PGP's default?

Having no clue as to PGP's current 'default' I can only express My
Personal Opinion. That is that I feel that Elgamal, bit for bit, is
'stronger' but I cannot expressly defend that at present. :-\

JOHN 8-)
Timestamp: Monday 11 May 2009, 17:54 --400 (Eastern Daylight Time)
Attachments: signature.asc (0.64 KB)


wk at gnupg

May 12, 2009, 12:47 AM

Post #7 of 7 (766 views)
Re: Default encryption key algo [In reply to]

On Mon, 11 May 2009 19:58, rjh [at] sixdemonbag said:

> I vote for RSA because I'm getting pretty tired of the fixed-size hashes
> associated with the various DSAs. This seems to be the cause of a

Well, in this case it doesn't matter because the default subkey is for
encryption only.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.


