Gpg: Best practices

From FVue
Jump to: navigation, search

Leave SHA-1 (160 bits) in favor of a stronger hashing algorithm

For example, generate a new 2048 bits RSA signing subkey and add digest-algo SHA512 to your .gnupg/gpg.conf

Time For Higher Security In Digital Email Signatures - Aaron Toponce
Aaron promotes leaving SHA-1 as your signing hashing algorithm, as of Jan 2007

Use separate keys for both encryption and signing

"For historic reasons, GnuPG permits creating ElGamal keys which are usable for both encryption and signing. It is even possible to have one key (the primary one) used for both operations. This is not considered good cryptographic practice, but is permitted by the OpenPGP standard." [1]

With gpg > v1.0.2 you can cafely choose `(1) DSA and Elgamal (default)' when asked for "what kind of key you want". This default key style of GnuPG generates a primary key for signing, and a subkey for encryption. For example, generating a new key with gpg-2.0.4 - selecting all defaults - generates the following key:

 ,+--------------------------------+
+-+  A DSA primary key for signing |
+-----+----------------------------+
      |
   +--+---------------------------------------------------------------------------+
   | pub   1024D/49DF54A7 2008-03-27                                              |
   |       Key fingerprint = B3AB 5053 C94F 29B7 6499  0E79 42D4 86B0 49DF 54A7   |
   | uid                  Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de> |
   | sub   2048g/27B3EAB1 2008-03-27                                              |
   +--+---------------------------------------------------------------------------+
      |                                                                           
 ,+---+-------------------------------+
+-+  An ElGamal subkey for encryption |
+-------------------------------------+

Gpg > v1.0.2 won't allow you to use the ElGamal key for signing anymore. See also Gpg: To ElGamal or not to ElGamal.

Generate a new revocation certificate when revoking your key pair

"If you have an idea about how or when you key was compromised and you generated a revocation certificate during key generation, you will still likely want to generate a new revocation certificate to revoke your key pair. This is the case because the openPGP standard will allow you to specify the reason why you are revoking your key pair and even provide some free text comments about the reason for revocation. The circulation of a revocation certificate with this type of information is likely advantageous and preferable to the circulation of a generic certificate created during key generation." [2]

Choose a keysize of sufficient length

See also: http://www.keylength.com

See also

10 tips for effective use of OpenPGP with GnuPG | IT Security | TechRepublic.com
10 Tips - 2008-02-28

Comments

blog comments powered by Disqus