ietf-openpgp
[Top] [All Lists]

Changing GPG's default key type

2009-05-04 11:05:11

Hi,

Currently, GPG's default key type, the one that is recommended to all new users, is a DSA primary key (1024 bits - not "DSA2") with an Elgamal subkey. We are currently thinking about changing the default primary to a 2048-bit RSA key.

The main benefits of changing the key type is that it can go past the 1024 bit DSA1 limit, and would also not be limited to a 160-bit hash, both of which are getting a little long in the tooth. We could get similar benefits with a DSA2 key, but DSA2 is not nearly as widely implemented as RSA is, so is not a good option for a default key at this time. We will of course continue supporting DSA2 (and DSA "1") as we do now. This is purely a question of what the default key should be.

This is not directly prompted by the recent SHA-1 troubles, but it is somewhat related, as it would let users of the default key type use hashes larger than 160 bits. That said, this is not intended to be a fix for the SHA-1 problems. We are not proposing changing our default signing hash, which will remain SHA-1.

After a bit of internal discussion, we thought it was worth mentioning this here, to see if the OpenPGP community had any issue or other comments. I don't expect this to be a particularly controversial move, but discussion is always welcome.

One issue, of course, is that RSA is not a required key type in OpenPGP, so there could be some implementation out there that won't be able to handle it. I'm not terribly concerned about this, as in practice, the vast majority of code has handled RSA just fine for the past decade, and if a particular user needs to generate a non-RSA key, they can still do so. There are a few other details (RSA signatures are physically larger, etc), but I believe they are outweighed by the benefit of the larger key and additional hash flexibility.

David

<Prev in Thread] Current Thread [Next in Thread>