| 1 |
Am Montag 11 November 2013, 11:22:29 schrieb Ulrich Mueller: |
| 2 |
> |
| 3 |
> Looks all good to me, except for one point: |
| 4 |
> > Recommendations: |
| 5 |
> > ---------------- |
| 6 |
> > |
| 7 |
> > 3. Dedicated signing subkey of EITHER: |
| 8 |
> > |
| 9 |
> > 3.1. DSA 2048 bits exactly. |
| 10 |
> > |
| 11 |
> > 3.2. RSA 4096 bits exactly. |
| 12 |
> |
| 13 |
> Isn't it overkill to use 4096 bits for the signing subkey? I'd expect |
| 14 |
> that the level of protection of the keys themselves in a typical |
| 15 |
> developer's environment is far from being a match for this. (Do all |
| 16 |
> devs use a machine for signing that is isolated from the internet? |
| 17 |
> Or use a smartcard, at least?) |
| 18 |
> |
| 19 |
> Also 4096 bits are generally not supported by smartcards. For example, |
| 20 |
> the OpenPGP card (see http://www.g10code.de/p-card.html) in its newest |
| 21 |
> version supports RSA up to 3072 bits only. |
| 22 |
|
| 23 |
These smartcards as currently delivered are perfectly fine with 4096 bit (even |
| 24 |
though 3072 is printed on the card!). That just isn't advertised since at the |
| 25 |
time of design gnupg (the software) had a hard limit at 3072. The limit is |
| 26 |
lifted since 2.0.20. |
| 27 |
|
| 28 |
However, another question is whether to require a signing *subkey*. The cards |
| 29 |
have (as far as I understand it) only one sign/cert key store, meaning they |
| 30 |
can either hold the main key or the signing subkey, but never both. |
| 31 |
|
| 32 |
|
| 33 |
http://dilfridge.blogspot.de/2013/05/openpgp-smartcards-and-gentoo-part-2.html |
| 34 |
|
| 35 |
-- |
| 36 |
Andreas K. Huettel |
| 37 |
Gentoo Linux developer |
| 38 |
kde, council |
Archives