long-term GPG signing key

Travis H. solinym at gmail.com
Tue Jan 10 04:28:49 EST 2006

I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such.  I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit strength provided by p in the DSA is not
sufficiently strong when compared to my encryption keys, which are
typically at least 4096-bit D/H, which I typically use for a year.

The whole reason I'm using a signing key is that I have numerous older
keys which have now expired and so the signatures on them are
worthless.  I don't attend many keysigning parties so it's hard to
make the system work without collecting signatures over a long period
on some very high strength key.  Also, I'd like to use the signing key
as a kind of identity, not tied to any particular email address, and
only used to sign communication keys, which *are* tied to a email
address and have shorter expiration times.

Does anyone have any suggestions on how to do this, or suggestions to
the effect that I should be doing something else?
"If I could remember the names of these particles, I would have been a botanist"
  -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list