Werner Koch wrote: > > It took me infinitely longer to type the pass-phrase for the signing
> > than it took to actually create the sigs which seemed to be almost > > instantaneous. Timing the signing is sort of ridiculous > > That is true for your desktop box. However, for small > devices like PDAs a 4k RSA key is a lot of work. The problem > might not be the generation or verification of a single > signature but some of use have hundreds of signatures on > their key and checking them all will take a lot of time. The software only needs to verify the signatures that are going to affect the trust of the key. For a lot of people this will usually be a very small number (0 or 1). Even if a key has hundreds of signatures, it is unlikely that the user has (a) installed those hundreds of keys onto the device, and (b) granted key-signing trust to more than a few of them. None of the mobile phones I tried had no trouble using RSA 4096 to encrypt or decrypt a 16 byte key. If the phone has a JVM and/or a web browser, RSA 4096 and AES should be no problem. Regards, Brian _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
