Just a few follow-up points.

Quote:
My advice has been the same for years: unless you know precisely what you're doing and why, stick with the defaults. GnuPG's defaults are excellent. They make good sense. They interoperate well. Don't mess with them unless you know precisely what you're doing and why.

However, in your link: http://sixdemonbag.org/cryptofaq.html#agencies, you recommend other things (as discussed below).

From my limited knowledge, the default GnuPG settings are to create a 1024-bit DSA signing key, a 1024-bit ElGamal encryption key, a 3DES symmetric cipher, and SHA-1 hash. In your link, however, you recommend the creation of 1024 or 2048 RSA signing and encryption keys (or DSA2 signing key with RSA encryption key??), and to choose something other than the SHA-1 hash. It would seem from the information in your link that it would not be best to follow the default settings in terms of signing/encryption key creation and hash algorithm.

What hash algorithm should I be using, if SHA-1 is not preferred? SHA512??

Who chooses the defaults in terms of DSA/ElGamal signing/encryption keys? Is this set by the GnuPG programmers or the OpenPGP standard?