long-term GPG signing key

Ian G iang at systemics.com
Tue Jan 10 11:10:44 EST 2006

Travis H. wrote:
> I'd like to make a long-term key for signing communication keys using
> GPG and I'm wondering what the current recommendation is for such.  I
> remember a problem with Elgamal signing keys and I'm under the
> impression that the 1024 bit strength provided by p in the DSA is not
> sufficiently strong when compared to my encryption keys, which are
> typically at least 4096-bit D/H, which I typically use for a year.

1. Signing keys face a different set of
non-crypto threats than to encryption
keys.  In practice, the attack envelope
is much smaller, less likely.  Unless you
have particular circumstances, it's not
as important to have massive strength in
signing keys as it is in encryption keys.

2. DSA has a problem, it relies on a 160
bit hash, which is for most purposes the
SHA-1 hash.  Upgrading the crypto to cope
with current hash circumstances is not
worthwhile;  we currently are waiting on
NIST to lead review in hashes so as to
craft a new generation.  Only after that
is it possible to start on a new "DSA".
So any replacement / fix for DSA is years
away, IMO.  The OpenPGP group has wrestled
with this and more or less decided to defer

3. The RSA patent expired, which means that
RSA no longer has everyone over a barrel.
For various reasons, many projects are
drifting back to RSA for signing and for

> Does anyone have any suggestions on how to do this, or suggestions to
> the effect that I should be doing something else?

If you want something stronger, then I'd
suggest you just use a big RSA key for


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list