On Jun 25, 2009, at 6:30 AM, Alexander Delau wrote:


I'm a beginner in encrypting E-Mails. It would be nice if you could help me
with my question:

I want to use GnuPG with a masterkey (to sign) and a subkey (to encrypt) on
Windows XP (GnuPG 1.4.9) and Ubuntu (GnuPG ?.?.?).

Now I'm not sure what keys I should use after typing "gpg --gen-key
--expert" and what keys are secure.

There is no one "right" answer here, but there is general advice I can give.

DSA/ElGamal: It's the default setting, but DSA only encrypts with 1024bit.

Note that DSA is a signing algorithm (it does not do encryption), so it would be more proper to say that DSA only signs with 1024 bits.

DSA2: I don't know if it's compatible with other versions.

It is compatible with modern versions. GnuPG has supported it since 2006.

RSA/ElGamal: RSA can encrypt with 4096 bits, but I read that it is more
insecure than DSA.

That is not the case.

So can I use the default setting DSA/ElGamal 1024/4096 or should I use RSA
with a higher bit number?

My advice would be to use an RSA signing key (the "primary" or "master" key) and an RSA subkey for encryption. The reason for using RSA for signing is mainly because RSA lets you use larger hashes than DSA does. DSA2 also lets you use larger hashes, but RSA has been supported for many years longer than DSA2 has.

As it happens, GnuPG will soon be switching its default key type to RSA, for essentially this reason.

David
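The layout David recommends above (an RSA primary key used only for signing, plus an RSA subkey used only for encryption), as an added example that is not part of the original thread: an unattended GnuPG parameter file that generates exactly that key pair in a throwaway GNUPGHOME, followed by a check of the capability flags in `--with-colons` output. It assumes GnuPG 2.1 or later (for `%no-protection`); the directory, e-mail address and key length are constructed sample arguments.

```shell
#!/bin/sh
# Added example: generate an RSA sign-only primary key plus an RSA
# encrypt-only subkey in batch mode, then verify the resulting layout.
# Assumes gpg 2.1+ ("%no-protection" is ignored by older releases).

gen_rsa_sign_encrypt_keypair() {
    # $1: directory to use as GNUPGHOME (sample), $2: e-mail for the user ID
    # (sample), $3: RSA key length in bits (sample, e.g. 4096)
    export GNUPGHOME="$1"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    cat > "$GNUPGHOME/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: $3
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: $3
Subkey-Usage: encrypt
Name-Real: Example User
Name-Email: $2
Expire-Date: 2y
%commit
EOF
    gpg --batch --quiet --gen-key "$GNUPGHOME/params" 2>/dev/null
}

# Print "ok" when the primary key is RSA (algorithm id 1), sign-capable and
# not itself encrypt-capable, and a subkey is RSA and encrypt-capable.
# Field 12 of a pub/sub record holds the lowercase per-key capabilities
# (s = sign, e = encrypt, c = certify); uppercase letters on the pub line
# summarise the whole key and are deliberately not matched here.
check_key_layout() {
    gpg --list-keys --with-colons 2>/dev/null | awk -F: '
        $1 == "pub" && $4 == 1 && $12 ~ /s/ && $12 !~ /e/ { p = 1 }
        $1 == "sub" && $4 == 1 && $12 ~ /e/ { s = 1 }
        END { print (p && s) ? "ok" : "bad" }'
}

# Usage (constructed sample arguments):
# gen_rsa_sign_encrypt_keypair /tmp/gnupg-demo alice@example.invalid 4096
# check_key_layout   # prints "ok"
```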


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
