I have a GPG key with a key length of DSA/1024. I can create new subkeys with a larger key size, for example RSA/2048. According to Jens Erat this is an approach others currently do in practice.

Is this really higher security then? Is there a difference in signing or encrypting with an RSA/2048 subkey of an RSA/2048 primary key compared to an RSA/2048 subkey of a DSA/1024 primary key?

I have created RSA/2048 subkeys to my DSA/1024 primary key and exported them to import them in OpenKeychain on an Android phone. But OpenKeychain complains that "This key is not secure". Is OpenKeychain wrong here, or is it really not helpful to create subkeys with a larger key length than their primary key?

radlan

1 Answer

As I already noted in the linked answer, the decision to take is

  • losing all certifications you have versus
  • keeping all your certifications but taking the risk of somebody being able to revoke your keys, issue new certifications, signatures and generate new keys; but at least messages to your new encryption subkey are safe.

This is not an approach I would take. In fact, I revoked my old key some time ago and chose to create a new, stronger one.

Considering your question on OpenKeychain warning about insecure keys -- it is completely right about that. As explained in the other answer (and above), adding a subkey does not make your primary key strong -- it just adds some more security for a well-defined use case. OpenKeychain warns about all RSA, DSA and ElGamal keys smaller than 2048 bits.

DSA keys are generally considered problematic, as they have high requirements regarding a strong random number generator. Especially for an RSA primary key, I'd go for 4096 bits in size: unlike high traffic servers that have to consider computational effort, OpenPGP keys are used rather rarely (even if you sign every message you send, this is just a few dozen times a day compared to hundreds of requests per second).

Jens Erat
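To make the warning concrete, here is an added Python example (not OpenKeychain's or GnuPG's own code) that applies the same 2048-bit floor to a `gpg --list-keys --with-colons` listing; the listing is constructed, and the DSA/1024 primary is reported even though its RSA/2048 subkeys pass, because the primary certifies the subkeys.

```python
from dataclasses import dataclass

# OpenPGP public-key algorithm ids (RFC 4880, section 9.1)
ALGO_NAMES = {1: "RSA", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
# Algorithms whose strength is the modulus/group size; 2048 bits is the floor OpenKeychain applies
MIN_BITS = {1: 2048, 16: 2048, 17: 2048}

@dataclass
class KeyPart:
    record: str   # "pub" (primary key) or "sub" (subkey)
    bits: int
    algo: int
    keyid: str

def parse_colons(listing: str) -> list[list[KeyPart]]:
    """Group the pub/sub records of a `gpg --with-colons` listing, one list per certificate.
    Fields: 1 record type, 2 validity, 3 key length, 4 algorithm id, 5 key id."""
    certs: list[list[KeyPart]] = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            certs.append([])
        if f[0] in ("pub", "sub") and certs:
            certs[-1].append(KeyPart(f[0], int(f[2]), int(f[3]), f[4]))
    return certs

def weak_parts(cert: list[KeyPart]) -> list[str]:
    """One finding per key part below the floor. A weak primary key is reported even
    when every subkey is strong: it certifies the subkeys and can revoke or replace them."""
    findings = []
    for p in cert:
        floor = MIN_BITS.get(p.algo)
        if floor is not None and p.bits < floor:
            role = "primary" if p.record == "pub" else "subkey"
            findings.append(f"{role} {p.keyid}: {ALGO_NAMES.get(p.algo, p.algo)}/{p.bits} < {floor}")
    return findings

def is_secure(cert: list[KeyPart]) -> bool:
    return not weak_parts(cert)

# Constructed sample: the question's DSA/1024 primary with RSA/2048 subkeys, then an RSA/4096 key
SAMPLE = """\
pub:u:1024:17:0123456789ABCDEF:1300000000:::u:::scaSCA::::::23::0:
sub:u:2048:1:FEDCBA9876543210:1700000000::::::s::::::23:
sub:u:2048:1:0F1E2D3C4B5A6978:1700000000::::::e::::::23:
pub:u:4096:1:1111222233334444:1700000000:::u:::scaSC::::::23::0:
sub:u:4096:1:5555666677778888:1700000000::::::e::::::23:
"""

if __name__ == "__main__":
    for cert in parse_colons(SAMPLE):
        print("secure" if is_secure(cert) else "NOT secure:", ", ".join(weak_parts(cert)))
```

Run it against real output with `gpg --list-keys --with-colons | python3 check.py` by replacing `SAMPLE` with `sys.stdin.read()`.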