[HacktionLab] GPG Key Transition

Alan Dawson aland at burngreave.net
Fri Sep 17 23:43:28 BST 2010


On Fri, Sep 17, 2010 at 05:36:40PM +0100, Mike Harris wrote:
> Thanks Alan, I did the setprefs thing as per reading the link you sent
> previously.
> 
> So to sum up:
> 
> If you have DSA, sort it out and generate a new RSA key.
> If you already have a 2048 bit RSA you're alright for the next 20 years!
> If you're slightly more paranoid, or informed, than that, then get a
> 4096 bit RSA key.

The problem is with the SHA1 hash function, so you need to make sure your default preferences avoid SHA1 last.

I just found a nice write-up from apache.org:

http://www.apache.org/dev/openpgp.html#sha1
http://www.apache.org/dev/openpgp.html#sha-defaults
http://www.apache.org/dev/openpgp.html#key-prefs
http://www.apache.org/dev/openpgp.html#generate-key


Alan Dawson
-- 
GPG key: http://aland.burngreave.net/files/e81a4bba.gpg.pub.asc
Key Transition: http://aland.burngreave.net/files/keytransition.txt.asc
Further Reading: https://we.riseup.net/alster/openpgp-dsa1-key-rollover
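
An added example, not part of the original message: a check of where SHA1 sits in a key's hash preferences and whether its self-signature was made with SHA1, read from `gpg --list-packets` output. The `audit` function name and the embedded sample listing are constructed for illustration; the code assumes GnuPG's usual `digest algo N` and `pref-hash-algos: ...` line layout.

```python
import re

SHA1 = 2                  # OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
SHA2 = {8, 9, 10, 11}     # SHA256, SHA384, SHA512, SHA224

# Constructed sample of `gpg --export KEYID | gpg --list-packets` output.
SAMPLE = """\
:public key packet:
\tversion 4, algo 17, created 1100000000, expires 0
:user ID packet: "Example User <old@example.org>"
:signature packet: algo 17, keyid 0000000000000001
\tversion 4, created 1100000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest ab cd
\thashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
:public key packet:
\tversion 4, algo 1, created 1284700000, expires 0
:user ID packet: "Example User <new@example.org>"
:signature packet: algo 1, keyid 0000000000000002
\tversion 4, created 1284700000, md5len 0, sigclass 0x13
\tdigest algo 10, begin of digest 12 34
\thashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
"""


def audit(listing):
    """Return [(keyid, [problems])] for every signature packet in the listing."""
    findings = []
    for block in listing.split(":signature packet:")[1:]:
        block = block.split("\n:")[0]  # cut at the start of the next packet
        keyid = re.search(r"keyid ([0-9A-Fa-f]+)", block)
        digest = re.search(r"digest algo (\d+)", block)
        prefs = re.search(r"pref-hash-algos: ([\d ]+)\)", block)
        problems = []
        if digest and int(digest.group(1)) == SHA1:
            problems.append("signature made with SHA1")
        if prefs:  # only self-signatures carry a preference list
            order = [int(n) for n in prefs.group(1).split()]
            sha2_pos = [i for i, algo in enumerate(order) if algo in SHA2]
            if not sha2_pos:
                problems.append("no SHA-2 hash in preferences")
            elif SHA1 in order and order.index(SHA1) < max(sha2_pos):
                problems.append("SHA1 ranked above a SHA-2 hash")
        findings.append((keyid.group(1) if keyid else "?", problems))
    return findings


if __name__ == "__main__":
    for keyid, problems in audit(SAMPLE):
        print(keyid, "OK" if not problems else "; ".join(problems))
```

To run it against a real key, pass the text produced by `gpg --export KEYID | gpg --list-packets` to `audit` in place of `SAMPLE`.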