Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Recommended key size and type for GnuPG?

Tags:

windows

gnupg

A Practical Introduction to GNU Privacy Guard in Windows recommends DSA and ElGamal, but I would like to know if RSA is good enough to use these days, and if so, what minimum key size should I use? Is it ok to use SHA-256 for signing (for compatibility with e-mail clients)?

Also, beside e-ignite: Key Types, can you point to other sources for this subject?

like image 656
alexandrul Avatar asked Apr 26 '09 12:04

alexandrul

People also ask

How big is a GPG key?

At the prompt, specify the key size you want, or press Enter to accept the default. Your key must be at least 4096 bits. Enter the length of time the key should be valid.

What RSA key size should I use?

For RSA keys, the minimum size for clear RSA keys and secure RSA keys on the public key data set (PKDS) is 512 bits. The minimum size for secure RSA keys on the token key data set (TKDS) is 1024 bits and the size must be a multiple of 256.

What encryption does GnuPG use?

Overview. GnuPG is a hybrid-encryption software program because it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is used only once.

What is the maximum key size allowed in PGP?

PGP key sizes can range from 1024 bits to 4096 bits. The default key size is 2048 bits.

2 Answers

RSA/DSA minimum today is 1024 bit actually, so Elleptical Curves becoming more in use since they are faster and using shorter keys.

To have a similar security as AES256 you will need at least 3072 bit (384 bytes) key...

Email clients using certificates nowadays - so it's separate thing (X.509), but for using with RSA/DSA most common option is SHA-1 (somewhat weak now).

I recommend study of:

  • http://en.wikipedia.org/wiki/Digital_signature
  • http://en.wikipedia.org/wiki/X.509
  • http://www.rsa.com/rsalabs/node.asp?id=2264
like image 131
Mash Avatar answered Sep 26 '22 19:09

Mash

I know the topic is old, but at this time, DSA 1024 is considered to be too weak, as is SHA-1. You should use RSA 2048 (for signing and encryption) and SHA256 (for digest). Normally, the symmetric algorithm used is AES256, which is good enough.

When encrypting, GPG gzips the data, creates an AES256 key and encrypts the data with it. It then encrypts the AES key with the recipient RSA or ElGamal public key and sends the encrypted AES key + the encrypted data in a pack.

RSA 2048 is said to protect data until 2015 or so, and RSA 4096 would protect data until 2020, based on the predicted computer power at that time. (I'm not totally sure about the dates, but it is logical that a 4096 bit key would be harder to crack than a 2048 bit one)

like image 26
Dolanor Avatar answered Sep 25 '22 19:09

Dolanor
Sign in to Comment

Related questions

Do we need to set Windows environment variables for Java updates anymore?
What is the difference between `process.env.USER` and `process.env.USERNAME` in Node?
Bringing a single stage to the front in windows in JavaFX
Double-buffered waveOutWrite() stuttering like hell
Docker compose containers fail and exit with code 127 missing /bin/env bash
how to install win32clipboard
bitbucket ssh error setsockopt IPV6_TCLASS 8 Operation
How do I set the Windows execution level to ask user for administrator privileges for a Rust program?
How to run a PowerShell Script after Inno Setup installer
I have a GPU and CUDA installed in Windows 10 but Pytorch's torch.cuda.is_available() returns false; how can I correct this?
ERR_CONNECTION_FAILED on Chrome/IE after 20 minutes of working when internet is still connected
How to elegantly create a Windows shortcut start starts a WSL program under X
Windows / Active Directory - User / Groups
Using a Windows Form with Ruby
How do you handle developer access to windows servers?
Windows Command Line: Non Evaluation of Environment Variable
Effective use of gvim over a network
How do I migrate my website, mySQL, php pages, files, settings etc to Amazon EC2? [closed]
Launch Application in a minimized state from Java
Looking for a good WebDAV enabled windows editor [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!