
Mailing List Archive: GnuPG: users

Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption?

 

 



lex.delau at googlemail

Jun 25, 2009, 3:30 AM

Post #1 of 4 (1885 views)
Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption?

I'm a beginner in encrypting E-Mails. It would be nice if you could help me
in my question:

I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).

Now I'm not sure, what keys I should use after typing "gpg --gen-key
--expert" and what keys are secure.

DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.
DSA2: I don't know if it's compatible with other versions.
RSA/ElGamal: RSA can encrypt with 4096bit, but I read that it is more
unsecure than DSA.

So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
with a higher bit number?

Thank you for your help.

Best greetings from Germany
Alexander Delau
--
View this message in context: http://www.nabble.com/Question-of-a-beginner%3A-DSA-ElGamal-or-RSA-Elgamal-with-a-higher-number-of-encryption--tp24200816p24200816.html
Sent from the GnuPG - User mailing list archive at Nabble.com.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Jun 26, 2009, 7:38 AM

Post #2 of 4 (1802 views)
Re: Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption? [In reply to]

On Jun 25, 2009, at 6:30 AM, Alexander Delau wrote:

>
> I'm a beginner in encrypting E-Mails. It would be nice if you could help me
> in my question:
>
> I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
> Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
>
> Now I'm not sure, what keys I should use after typing "gpg --gen-key
> --expert" and what keys are secure.

There is no one "right" answer here, but there is general advice I can
give.

> DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.

Note that DSA is a signing algorithm (it does not do encryption), so
it would be more proper to say that DSA only signs with 1024 bits.

> DSA2: I don't know if it's compatible with other versions.

It is compatible with modern versions. GnuPG has supported it since
2006.

> RSA/ElGamal: RSA can encrypt with 4096bit, but I read that it is more
> unsecure than DSA.

That is not the case.

> So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
> with a higher bit number?

My advice would be to use a RSA signing key (the "primary" or "master"
key) and a RSA subkey for encryption. The reason for using RSA for
signing is mainly because RSA lets you use larger hashes than DSA
does. DSA2 also lets you use larger hashes, but RSA has been
supported for many years longer than DSA2 has.

As it happens, GnuPG will soon be switching its default key type to
RSA, for essentially this reason.

David




dkg at fifthhorseman

Jun 26, 2009, 7:39 AM

Post #3 of 4 (1800 views)
Re: Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption? [In reply to]

On 06/25/2009 06:30 AM, Alexander Delau wrote:
> I'm a beginner in encrypting E-Mails. It would be nice if you could help me
> in my question:
>
> I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
> Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
>
> Now I'm not sure, what keys I should use after typing "gpg --gen-key
> --expert" and what keys are secure.
>
> DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.
> DSA2: I don't know if it's compatible with other versions.
> RSA/ElGamal: RSA can encrypt with 4096bit, but I read that it is more
> unsecure than DSA.
>
> So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
> with a higher bit number?

The defaults are about to change to RSA 2048/2048 (with good reason), so
i think you're right to want to do something different than the current
(old) defaults when creating a key you plan on using for the next
several years.

However, i also echo Robert Hansen's advice to avoid the --expert flag
unless you're really already sure of what you want to do.

So:

* use plain ol' "gpg --gen-key" (don't use --expert)
* select RSA (Sign-Only)
* ask for 2048 bits
* create your key as usual, and get back out of gpg.

Then, assuming your new key is $KEYID,

* gpg --edit-key $KEYID
* addkey
* choose an RSA subkey, for encryption, and make it 2048 bits

This should make gpg do what you want it to do without getting into
--expert territory.

hth,

--dkg
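
A check for the key layout recommended in this thread (RSA signing primary key, RSA encryption subkey, 2048 bits or more), added here as an example and not part of any poster's message. The function names `audit_key_listing` and `sample_listing` and the sample records are constructed for illustration; on a real keyring the input would come from `gpg --with-colons --list-keys`.

```shell
#!/bin/sh
# Added example (not from the thread): audit a colon-format key listing.
# Fields used: 1=record type, 3=bits, 4=algorithm id, 5=key ID, 12=capabilities.
# The 2048-bit floor is taken from the advice given in this thread.
audit_key_listing() {
    awk -F: '
        function algo(n) {
            if (n == 1)  return "RSA"
            if (n == 16) return "ElGamal"
            if (n == 17) return "DSA"
            return "algo" n
        }
        $1 == "pub" || $1 == "sub" {
            caps = $12
            gsub(/[SCEAD]/, "", caps)   # uppercase letters summarise the whole key
            role = ($1 == "pub") ? "primary" : "subkey"
            note = ""
            if ($4 == 17 && $3 + 0 <= 1024) note = note " dsa-1024"
            else if ($3 + 0 < 2048)         note = note " short-key"
            if ($1 == "pub" && caps !~ /s/) note = note " primary-cannot-sign"
            printf "%s %s %s-%d caps=%s %s\n", role, $5, algo($4), $3, caps,
                   (note == "" ? "ok" : "warn:" note)
        }'
}

# Constructed sample listing (key IDs and timestamps are made up).
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAA1:1245900000:::u:::scESC:
uid:u::::1245900000::::Constructed Example <old@example.invalid>:
sub:u:4096:16:AAAAAAAAAAAAAAA2:1245900000::::::e:
pub:u:2048:1:BBBBBBBBBBBBBBB1:1246000000:::u:::scESC:
uid:u::::1246000000::::Constructed Example <new@example.invalid>:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1246000000::::::e:
EOF
}

sample_listing | audit_key_listing
```

The old-default key is flagged on its DSA-1024 primary even though its ElGamal subkey is 4096 bits, which is the distinction between signing strength and encryption strength drawn earlier in the thread.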


lex.delau at googlemail

Jun 29, 2009, 1:52 AM

Post #4 of 4 (1728 views)
Re: Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption? [In reply to]

I've now chosen RSA 4096/4096 because your answers are plausible to me.

Thank you for helping me!
Alexander Delau


Alexander Delau wrote:
>
> I'm a beginner in encrypting E-Mails. It would be nice if you could help
> me in my question:
>
> I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt)
> on Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
>
> Now I'm not sure, what keys I should use after typing "gpg --gen-key
> --expert" and what keys are secure.
>
> DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.
> DSA2: I don't know if it's compatible with other versions.
> RSA/ElGamal: RSA can encrypt with 4096bit, but I read that it is more
> unsecure than DSA.
>
> So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
> with a higher bit number?
>
> Thank you for your help.
>
> Best greetings from Germany
> Alexander Delau
>
