On 7/6/10 9:09 AM, Robert wrote:
> Hi, we're using GnuPG 1.4.5 to encrypt and store sensitive files at
> work.

Please consider upgrading to 1.4.10. There have been a lot of changes
since 1.4.5, including better support for DSA2 and quite a few minor
bugfixes.

> If I go with default (DSA and Elgamal) I get a message saying "DSA
> keypair will have 1024 bits".
>
> 1) What does this mean? Is it some kind of 'key-encrypting' to
> secure the actual keys? It is not involved in the actual encryption
> of data?

I don't mean to sound acerbic, but the contents are exactly what's
stamped on the tin. DSA is the Digital Signature Algorithm -- a U.S.
federal standard for digital signatures. Per the federal standard in
existence when 1.4.5 was written, DSA keys were allowed to have either
512 or 1024 bits. GnuPG is simply letting you know the DSA keypair
you're creating will have 1024 bits.

> 2) Is this the actual 'data-encrypting' keys that will now be
> elgamal and size of 2048 bits? If so, is it the same for both public
> and secret key?

More or less. Getting into more detail will require mathematics and
talk about inverse functions and whatnot. "More or less" is accurate
enough for most purposes.

> 3) This, as I guessed in question 1, is not the actual
> data-encrypting key but more like a key-encrypting key?

No. It's the ID of the key used for signing data.

> 4) what does 'sub' mean? Is this the actual data encrypting key?

It means "there is another set of cryptographic keys associated with
this signing key." Without seeing the particular subkey I can't promise
that it's a set of encryption and decryption keys. However, given what
you've said so far, I think it's likely.

> 5) Is my secret and public key the same?? They both have the same
> id, it's just 'sub' in one place and 'ssb' in the other.

They are intimately related, but not identical.

> 6) What does 'ssb' mean?

ssb is to sub as sec is to pub. ssb = Secret Subkey.

> Is the secret and public key displayed as one in the key ring?

No.

> If so, is it possible to separate these somehow to put the private
> key in a safe for example?

Yes. If you wish to do this, I'd suggest looking into a tool called
Paperkey.

> 7) I assume the key rings themselves, holding the keys, are
> encrypted. How strong is this encryption in GPG?

All algorithms used by GnuPG are considered safe against all known
forms of cryptanalysis. And by "safe," I mean "really, anyone with half
a brain will find another way to get the information out of you, it'll
be so much easier that way."
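Added example, not part of the original message or of GnuPG itself: a small Python parser for GnuPG 1.4-style key listings that maps the pub/sub/sec/ssb tags discussed above to their meaning and pairs the public and secret halves by key ID. The listings, key IDs and user ID are constructed samples, and the function names are hypothetical.

```python
import re

# Record tags printed by `gpg --list-keys` and `gpg --list-secret-keys`.
RECORD = {"pub": ("primary", "public"), "sub": ("subkey", "public"),
          "sec": ("primary", "secret"), "ssb": ("subkey", "secret")}
# Algorithm letters that follow the bit length in GnuPG 1.4 listings.
ALGO = {"D": "DSA (sign)", "g": "Elgamal (encrypt)", "R": "RSA"}
LINE = re.compile(r"^(pub|sub|sec|ssb)\s+(\d+)([A-Za-z])/([0-9A-F]{8})\s")

# Constructed sample listings (not real keys).
PUBLIC = """\
pub   1024D/AAAA1111 2010-07-06
uid                  Example User <user@example.org>
sub   2048g/BBBB2222 2010-07-06
"""
SECRET = """\
sec   1024D/AAAA1111 2010-07-06
uid                  Example User <user@example.org>
ssb   2048g/BBBB2222 2010-07-06
"""

def parse_listing(text):
    """Return one dict per key line; uid and other lines are skipped."""
    keys = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        tag, bits, algo, keyid = m.groups()
        role, half = RECORD[tag]
        keys.append({"tag": tag, "role": role, "half": half, "bits": int(bits),
                     "algo": ALGO.get(algo, "unknown"), "keyid": keyid})
    return keys

def pair_halves(public_text, secret_text):
    """Map key ID -> (public tag, secret tag); None marks a missing half."""
    pairs = {}
    for k in parse_listing(public_text) + parse_listing(secret_text):
        pub_tag, sec_tag = pairs.get(k["keyid"], (None, None))
        if k["half"] == "public":
            pub_tag = k["tag"]
        else:
            sec_tag = k["tag"]
        pairs[k["keyid"]] = (pub_tag, sec_tag)
    return pairs

if __name__ == "__main__":
    for k in parse_listing(PUBLIC):
        print(k["keyid"], k["role"], k["bits"], k["algo"])
    print(pair_halves(PUBLIC, SECRET))
```

A key ID whose secret tag comes back as None has no secret half on that machine, which is the expected state once the secret key has been moved to offline storage.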
