I've generated and published an 8192-bit non-expiring RSA 'master' key for signing other keys as well as 2048-bit RSA keys for signing and encryption (expiring in a few years). The master key is protected by
I have not had it signed by other users yet and am concerned that I might want to generate a new keyset before I get the 8192-bit key in wide circulation. I have, however, signed tags in my Git source repository with a subkey... so would it make sense to migrate those subkeys (through trickery I've seen)... or would the fact that they are available under the 8192-bit key be a general problem?

Some options I am considering after reading blogs/etc:

* Generate RSA 4096-bit master signing key and revoke the 8192-bit key noting that it has been superseded
* Generate DSA 3072-bit master signing key and revoke... (this is well supported, right?)
* Wait for ECC to be in standard and supported by PGP and GnuPG
* Generate ECC key and keep it alongside my better-supported 8192-bit key until better software support arrives (perhaps keeping both well-signed?) - this implies the ECC public key storage for signing it has been set in stone...

Any help in this decision would be well appreciated.

--
Thomas Harning Jr.
