On 10/12/10 4:25 AM, Grant Olson wrote:

> Right. If the hash algo is your only concern, you can just change
> that. No need to regenerate a key, unless you're just using that as
> a motivator to bump up your key-size and/or create an offline
> primary key.

I've already switched the hash preference on the key, it will now use RIPEMD-160 before SHA-1, but it won't accept the higher SHA algorithms. Currently it only switches back to SHA-1 when I'm signing and encrypting to other keys which can't handle RIPEMD-160.

> Regarding RSA vs DSA/ElGamal, without having done any research at
> all, I'm assuming the defaults in GPG changed from DSA/ElGamal to
> RSA/RSA for a reason, so I went with the latter.

Since it has already been mentioned that smartcards only work with RSA, that could be a factor. I suspect their development, which I haven't followed too closely, was to address the concerns of OpenPGP users who were unable to control the hardware on which their mail and/or keys were stored and required an additional level of physical security to prevent an unscrupulous systems administrator from accessing a secret keyring (and possibly brute forcing the passphrase).

> And apologies, because I know you said you have no intention of
> using a smartcard (twice), but if you're creating a key for the next
> ten years then it's possible you'll change your mind say five years
> from now.

It's possible, at this stage unlikely, but I won't rule anything out. I'm already used to having a single key operational for a long time. The key I'm currently using was generated nearly a dozen years ago.

Regards,
Ben
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
