Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-24 Thread Bernhard Reiter
On Friday 19 March 2021 08:24:53, Werner Koch via Gnupg-users wrote: > On Fri, 19 Mar 2021 01:50, Ángel said: > > The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072 > > as the default size for rsa > > Actually 7 months: > Noteworthy changes in version 2.2.22 (2020-08-27) > ---

Thunderbird dealing with signed messages and mailing lists [was: Re: Best practices for obtaining a new GPG certificate]

2021-03-23 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote: > It also has issues with signed messages and lists. For example you > signed this message but it says "uncertain digital signature".  I don't > remember this being an issue in the older TB/Enigmail. Signed messages on mailing lists tha

Re: Best practices for obtaining a new GPG certificate

2021-03-23 Thread Daniel Kahn Gillmor via Gnupg-users
On Fri 2021-03-19 08:29:12 +0100, Werner Koch via Gnupg-users wrote: > You may also skip the menu thing and use > > gpg --quick-gen-key b...@example.com future-default I agree with Werner's recommendation of using --quick-gen-key and future-default. If you're going to provide an e-mail address-

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Mark via Gnupg-users
It also has issues with signed messages and lists. For example you signed this message but it says "uncertain digital signature".  I don't remember this being an issue in the older TB/Enigmail. On 3/19/2021 10:42 AM, Werner Koch via Gnupg-users wrote: On Fri, 19 Mar 2021 03:33, Robert J. Hansen

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Mark via Gnupg-users
It "does and it doesn't" I have some that were created in Kleopatra and then imported into Thunderbird 78. As for creating them, no. You don't get to choose any options when generating ECC keys. On 3/19/2021 12:33 AM, Robert J. Hansen via Gnupg-users wrote: The next default is ECC (ed25519+cv

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Werner Koch via Gnupg-users
On Fri, 19 Mar 2021 03:33, Robert J. Hansen said: > Last I checked, Thunderbird 78 did not support ed25519+cv25519 > keys. That's not a niche implementation. I did extensive tests with Ribose to make sure that RNP (the crypto engine now used by TB) is compatible with GnuPG. Thus I wonder why TB g

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Neal H. Walfield
On Fri, 19 Mar 2021 08:33:17 +0100, Robert J. Hansen via Gnupg-users wrote: > > > The next default is ECC (ed25519+cv25519) which is supported by most > > OpenPGP implementations. Only if you have a need to communicate with > > some niche implementations you need to use rsa3072. > > Last I checke

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
The next default is ECC (ed25519+cv25519) which is supported by most OpenPGP implementations. Only if you have a need to communicate with some niche implementations you need to use rsa3072. Last I checked, Thunderbird 78 did not support ed25519+cv25519 keys. That's not a niche implementation.

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Werner Koch via Gnupg-users
On Thu, 18 Mar 2021 19:34, David Mehler said: > in the output there's ECC output should I go with an ECC-style key or > RSA? As regards RSA keysize I typically use 4096. The next default is ECC (ed25519+cv25519) which is supported by most OpenPGP implementations. Only if you have a need to commu

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-19 Thread Werner Koch via Gnupg-users
On Fri, 19 Mar 2021 01:50, Ángel said: > The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072 > as the default size for rsa Actually 7 months: Noteworthy changes in version 2.2.22 (2020-08-27) - * gpg: Change the default key a

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
I'd like to know current best practices for obtaining a new one? This question gets asked so often that it has its own FAQ entry. Yes, parts of the FAQ are outdated, but this particular one is very current. https://www.gnupg.org/faq/gnupg-faq.html#tuning * You don't need to "tune" GnuPG bef

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about a default of '2048' but in the latest (2.2.17) release of GPG it looks like the default is now '3072': Yep. [puts on maintainer hat] The last time I suggested revisions to that text there was no community consensus on wh

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-18 Thread Ángel
On 2021-03-18 at 15:15 +0100, john doe via Gnupg-users wrote: > Reading the URLs given by the OP, I see that the GPG FAQ (1) talks > about a default of '2048' but in the latest (2.2.17) release of GPG > it looks like the default is now '3072': > What keysize do you want? (3072) > > > Am I missing

Re: Best practices for obtaining a new GPG certificate

2021-03-18 Thread David Mehler via Gnupg-users
Hello, Thanks all. I am definitely wanting a new key. With regards the info John posted: gpg --expert --full-gen-key Please select what kind of key you want:    (1) RSA and RSA (default)    (2) DSA and Elgamal    (3) DSA (sign only)    (4) RSA (sign only)    (7) DSA (set your own capabilities)  

Re: Best practices for obtaining a new GPG certificate

2021-03-18 Thread Werner Koch via Gnupg-users
On Thu, 18 Mar 2021 00:06, David Mehler said: > My existing GPG certificate is going to expire in less than a month. > I'd like to know current best practices for obtaining a new one? In Do you really want a new one? Usually it is easier to prolong your key. By default a new key has an expire da

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-18 Thread john doe via Gnupg-users
On 3/18/2021 2:39 PM, Andreas K. Huettel wrote: https://www.gentoo.org/glep/glep-0063.html https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about a default of '2048' but in the latest (2

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-18 Thread Andreas K. Huettel
https://www.gentoo.org/glep/glep-0063.html https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys > On the pages, I get 'There is currently no text in this page. You can > search for this page title in other pages, or ...'. > Am I missing something? Only that km

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-18 Thread john doe via Gnupg-users
On 3/18/2021 10:21 AM, Andreas K. Huettel wrote: Hi David, when Gentoo switched to requiring gpg-signed git commits and pushes, we put some thought into requirements and best practices. Minus the Gentoo-specific parts, this is probably good reading: https://www.gentoo.org/glep/glep-0063.html ht

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-18 Thread Andreas K. Huettel
Hi David, when Gentoo switched to requiring gpg-signed git commits and pushes, we put some thought into requirements and best practices. Minus the Gentoo-specific parts, this is probably good reading: https://www.gentoo.org/glep/glep-0063.html https://wiki.gentoo.org/wiki/Project:Infrastructur

Best practices for obtaining a new GPG certificate

2021-03-17 Thread David Mehler via Gnupg-users
Hello, My existing GPG certificate is going to expire in less than a month. I'd like to know current best practices for obtaining a new one? In particular I'm looking for the best protocol and strength for a security not a performance stance. The certificate will mainly be used for verifying and s