Hi,

we're using GnuPG 1.4.5 to encrypt and store sensitive files at work. We have been given some requirements to comply with, spawning some general questions. I tried searching in help files but haven't found answers to everything so I'm trying here. If these questions are asked somewhere in documentation, I would be glad to get a link there.

When I choose to generate a key, gpg --gen-key, I am asked what kind of key I want. If I go with the default (DSA and Elgamal) I get a message saying "DSA keypair will have 1024 bits".

1) What does this mean? Is it some kind of 'key-encrypting' to secure the actual keys? It is not involved in the actual encryption of data?

After this, I get to choose the size of the ELG-E key. I go with the default of 2048.

2) Is this the actual 'data-encrypting' keys that will now be Elgamal and size of 2048 bits? If so, is it the same for both public and secret key?

Now, when I use the command to list my public keys, gpg --list-public-keys, I see my key in the list. Top row lists: pub, 1024D/2D*****7.

3) This, as I guessed in question 1, is not the actual data-encrypting key but more like a key-encrypting key?

The next row shows uid which should be user id, nothing strange there. Then I get a row called 'sub'.

4) What does 'sub' mean? Is this the actual data-encrypting key?

Now, if I choose to list my secret keys, gpg --list-secret-keys, I get the exact same output but 'sec' is replaced with 'pub'. This should verify the 'key-encrypting-key' thingy. But the rest of the output confuses me:

5) Are my secret and public keys the same?? They both have the same id, it's just 'sub' in one place and 'ssb' in the other.

6) What does 'ssb' mean? I can see that the different commands use different files, 'pubring.gpg' and 'secring.gpg', still they seem to list the same key? Are the secret and public keys displayed as one in the key ring? If so, is it possible to separate these somehow to put the private key in a safe, for example?

My final question:

7) I assume the key rings themselves, holding the keys, are encrypted. How strong is this encryption in GPG? What algorithm is used, etc.? One requirement is about compromising the machine with the keys, how easy it would be to export the keys, since the keyring is physically located on the machine.

Thanks in advance,

Regards,
Robert

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
