Forum: help-enMonitor Forum | Start New Thread
|RE: Recommended settings for new key? [ Reply ]|
By: Bernhard Reiter on 2020-09-07 08:52
in general GnuPG/Gpg4win tries to use default settings which are good for most users.
(This is rsa3072 for signing and encryption keys). Otherwise you really have to an individual security assessment. Here is a start of a detailed discussion: https://wiki.gnupg.org/LargeKeys
For Germany, if you really want to know, the https://wiki.gnupg.org/BSIGuidelines
TR-02102-1 documents the mathematical reasoning behind their recommendations.
You can still sign new keys with old ones in principle. Sometimes the old keys use algorithms that are turned off by default because they are considered non secure enough anymore. So if you try the signature, look closely on the output on the command line for a further diagnosis.
Note that currently GnuPG may not accept third party signatures on pubkeys from keyservers because the keyserver infrastructure has been "spammed" and needs to implement some safeguards first. But you can still distribute them your self. (E.g. I tell people to do gpg --fetch-keys
https://intevation.de/~bernhard/bernhard_gpgkey.asc to get my old and my new pubkeys and the signatures.)
|Recommended settings for new key? [ Reply ]|
By: Bernd Leutenecker on 2020-09-06 19:49
After some years it was time to create a new pair of keys - but I wonder which are the recommended settings these days to be on the safe side for some other years?
And as I already created a pair I noticed that I couldn't find a way to sign the new pair with older keys. About 20 years ago I had my key signed on an IT-trade fair and as far as I remember I could pass this kind of trust by signing new keys with an older key which had been signed by somebody else (*) (actually: do I have to use that old key or can I use a more recent one that I had signed with that old key?)
(Sorry, only in German.)