OpenPGP card: What RSA problems? Why not for key signing?

Werner Koch wk at gnupg.org
Thu Apr 6 11:24:25 CEST 2006


On Wed, 05 Apr 2006 18:22:35 +0200, Felix E Klee said:

> * What are those problems that one may encounter with RSA?

You can't load a non-1024 bit RSA key to the card. RSA keys are
optional in OpenPGP and thus some implementations may not be able to
use your key.

> * Why should the key on the card not be used for key signing?

Either because people feel that 1024 bit RSA/SHA-1 is not strong
enough or due to the difficulties of creating a backup of that key.
Without a backup and a broken card you won't be able to properly use
your key anymore and all collected signatures are practically lost.

> * Is there any advantage in using a DSA master key (not supported by the
>   OpenPGP card, I know) instead of an RSA master key?

DSA signatures are much smaller.

> * What's the best tool for generating the 1024 bit RSA key?  Should I
>   simply use plain "gpg --gen-key --no-random-seed-file" or should the
>   key be generated on card, or does it not really matter?

gpg --gen-key

--no-random-seed-file is only useful if you don't have permission to
write it.


Shalom-Salam,

   Werner




More information about the Gnupg-users mailing list