[Ach] GPG - DSA or RSA?

Michael Zeltner m at niij.org
Wed Nov 20 16:40:16 CET 2013

On 18 Nov 11:58, David Durvaux wrote:
> In the GPG section, we recommend DSA.  For my mind, it's also what I would
> recommend but...

Maybe I'm not up to speed, especially given that I just joined the list
yesterday, but where is that recommendation? I don't see it in the GPG.tex

> I would then conclude with the usual answer: "Well, it depend" ;).  Can we
> really recommend DSA instead of RSA?  The biggest advantage of DSA seems to
> be it's compatbility with GPG wich is clearly important but not a valid
> crypto choice...


Depending on the kind of device the key is supposed to be used on (and given
there are GnuPG ports for Android being worked on these days - see
https://guardianproject.info/code/gnupg/ - there's interesting ideas also
because the YubiKey NEO exposes it's OpenPGP smartcard via NFC, of having a
NFC smartcard implementation to share keys between devices without having the
secret key material on them) I wouldn't always count on having enough entropy.
I have a very minimally set up airgapped machine where I ran out of entropy
multiple times while working on it.

> So, for me, we have basically 2 options:
> - remove any recommendation (at let the default choice: DSA/DSA ;))

RSA/RSA is the default choice in my GnuPG 2.0.22?

Personally, I haven't heard of anyone recommending DSA/Elgamal over RSA/RSA
recently? I'd love to find out if I'm really missing something despite being
subscribed to way too many mailing lists on this sort of topic …

Best from afar,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20131120/d1629ec1/attachment.sig>

More information about the Ach mailing list