long-term GPG signing key

Travis H. solinym at gmail.com
Tue Jan 10 04:28:49 EST 2006


I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such.  I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit strength provided by p in the DSA is not
sufficiently strong when compared to my encryption keys, which are
typically at least 4096-bit D/H, which I typically use for a year.

The whole reason I'm using a signing key is that I have numerous older
keys which have now expired and so the signatures on them are
worthless.  I don't attend many keysigning parties so it's hard to
make the system work without collecting signatures over a long period
on some very high strength key.  Also, I'd like to use the signing key
as a kind of identity, not tied to any particular email address, and
only used to sign communication keys, which *are* tied to an email
address and have shorter expiration times.

Does anyone have any suggestions on how to do this, or suggestions to
the effect that I should be doing something else?
--
"If I could remember the names of these particles, I would have been a botanist"
  -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


