The thing that jeopardizes 2048 bit RSA keys is probably going to make all of RSA untenably risky. By all means, generate a 4096 bit key; it doesn't really cost you anything in a GPG setting. But the default is fine.
This entire blog post is an indictment of the sad state of affairs surrounding UX around crypto. There's so much intrinsic complexity around proper crypto that the focus should be on removing as much accidental complexity as possible.
Yesterday, I installed GPGMail on my Mac and had it generate a keypair, and the procedure was actually rather pleasant and clear. I did not know yet about this master- and subkey scenario, and the setup wizard did not offer this option, but I think the UI could be extended to support this without too much extra hassle.
Well, yeah, people just --gen-key and that's it.
Using subkeys is probably a good idea. Using expiration properly is certainly a good idea. Understanding gpg's trust structure sounds like a good idea.
However, even this guide is probably a little too long, and unfortunately many will not take the time to read it.
Oh yeah, also the primary key is called, well, primary, not master. I make that mistake pretty often, though.
OK, implementing this I realized the obvious flaw: you can't use this key to sign other keys. And I can find no way to configure a subkey in GPG to do this (I suppose it might exist; GPG is dark and mysterious).
Surely, surely it would be easier to just make two keypairs, store the master and then sign your "daily driver" key? This seems like a lot of effort making gpg do things it doesn't want to do for little practical gain - the full perfect key is still ideally offline.
Lately there have been a few discussions about PGP keys and smartcards are always mentioned. Would smartcards be a solution for the client-side crypto objections? Could you make a secure version of cryptocat by just making it a wrapper around a smartcard reader? Could you use a smartcard to make secure use of PGP in webmail feasible?
A waste of time. You should be using a strong passphrase so that it doesn't matter if your laptop is stolen.
We all use OS X though, so if any of us become high-value targets they'll just root our machines remotely with the help of Apple software update and steal our keys from RAM or log our keystrokes directly.
The problem with a strong passphrase is remembering it and entering it quickly. I can keep a few 12-14 character passwords in my head, but that's about it.
I like the concept of passphrases, but they're too long to be manageable when you need to type them in a bunch of times.
It's the same thing as root/intermediate TLS certificates. You basically store the root in the safe and keep the intermediate online, so you can use it to sign stuff (e.g. generate certificates for customers' domains). If the intermediate is compromised, you revoke it, get the root and generate a new intermediate.
I'd take an RSA 2048 smartcard before an RSA 4096 on my Mac.
For example, I might want to have the ability to sign messages on an iPad, and revoke the key if the device is stolen.