
dkg at fifthhorseman
Jun 26, 2009, 7:39 AM
Post #3 of 4
Re: Question of a beginner: DSA/ElGamal or RSA/Elgamal with a higher number of encryption?
On 06/25/2009 06:30 AM, Alexander Delau wrote:
> I'm a beginner in encrypting E-Mails. It would be nice if you could help me
> in my question:
>
> I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
> Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).
>
> Now I'm not sure, what keys I should use after typing "gpg --gen-key
> --expert" and what keys are secure.
>
> DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.
> DSA2: I don't know if it's compatible with other versions.
> RSA/ElGamal: RSA can encrypt with 4096bit, but I read that it is more
> unsecure than DSA.
>
> So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
> with a higher bit number?

The defaults are about to change to RSA 2048/2048 (with good reason), so
i think you're right to want to do something different than the current
(old) defaults when creating a key you plan on using for the next
several years.

However, i also echo Robert Hansen's advice to avoid the --expert flag
unless you're really already sure of what you want to do. So:

 * use plain ol' "gpg --gen-key" (don't use --expert)
 * select RSA (Sign-Only)
 * ask for 2048 bits
 * create your key as usual, and get back out of gpg.

Then, assuming your new key is $KEYID,

 * gpg --edit-key $KEYID
 * addkey
 * choose an RSA subkey, for encryption, and make it 2048 bits

This should make gpg do what you want it to do without getting into
--expert territory.

hth,

  --dkg
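A way to confirm that a key ended up with the layout described in the post above (RSA sign-only primary, RSA encryption subkey, 2048 bits each). This is an added example, not part of the original post; it assumes the standard `gpg --with-colons --list-keys` field layout (length in field 3, algorithm in field 4, capabilities in field 12), and the `audit` helper and sample listing are constructed for illustration.

```python
# Added example: check a `gpg --with-colons --list-keys` listing against the
# layout recommended above. Field positions follow GnuPG's colon format.
ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}  # OpenPGP algorithm IDs

def audit(listing, min_bits=2048):
    """Map each primary key ID to a list of deviations (empty list = matches)."""
    report, enc_subkeys, current = {}, {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        bits, algo, keyid = int(f[2]), ALGOS.get(f[3], "algo" + f[3]), f[4]
        own_caps = {c for c in f[11] if c.islower()}  # uppercase = whole-key caps
        if f[0] == "pub":
            current = keyid
            report[current], enc_subkeys[current] = [], []
            if algo != "RSA" or bits < min_bits:
                report[current].append(f"primary is {algo}-{bits}, want RSA >= {min_bits}")
            if "e" in own_caps:
                report[current].append("primary can encrypt, want sign-only")
        elif current is not None and "e" in own_caps:
            enc_subkeys[current].append((algo, bits))
    for keyid, subs in enc_subkeys.items():
        if not any(a == "RSA" and b >= min_bits for a, b in subs):
            found = ", ".join(f"{a}-{b}" for a, b in subs) or "none"
            report[keyid].append(f"no RSA >= {min_bits} encryption subkey (found: {found})")
    return report

# Constructed sample listing (key IDs, dates and user IDs are made up):
# an old-default DSA/ElGamal key and a key built with the steps above.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:2009-06-25:::u:Old Default <old@example.org>::scESC:
sub:u:4096:16:BBBBBBBBBBBBBBBB:2009-06-25::::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:2009-06-26:::u:New Layout <new@example.org>::scESC:
sub:u:2048:1:DDDDDDDDDDDDDDDD:2009-06-26::::::e:
"""

if __name__ == "__main__":
    for keyid, problems in audit(SAMPLE).items():
        print(keyid, "OK" if not problems else "; ".join(problems))
```

On a real keyring, pass the text printed by `gpg --with-colons --list-keys` to `audit` instead of the sample.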