Best encryption and signing algorithm for GnuPG: RSA/RSA or DSA/Elgamal?


Solution 1

Trustworthy Recommendations

While at the time of the last post there was still debate about changing the default algorithms (still to be found in the web archive), which had rough consensus, the switch to RSA 2k keys as the default has since been performed.

Debian recommends using a 4k RSA key in their document about using subkeys and in the debian-keys README file. A vast majority of about three quarters of the keys in the Debian developers' keyring is (still) DSA/Elgamal (counted by grepping through gpg's output).

In an interview with iX (a German computer science magazine, issue 11/2013, also available online for free), the inventor of PGP, Phil Zimmermann, recommends "at least 3k length when using RSA", although 1k keys are not broken yet. But they're "in reach of attackers rich in resources".

Regarding Security

Right now both are said to be secure for adequate key sizes (4k recommended for RSA, 2k necessary for DSA2; otherwise you will be using DSA1, which uses SHA-1).

For selecting an RSA key length, have a look at an overview on the actual strength provided by NIST (p. 64). It is easy to see that the strength does not grow linearly with the key length (and computing time), so double size does not mean "double security".

There was a problem with OpenSSL's DSA-implementation on Debian, but this was caused by using bad random data and could have happened with RSA, too.

Choosing Between RSA and DSA2

pro RSA

  • RSA is more widespread; though not required by the OpenPGP standard, all major implementations can deal with it, DSA2 not (yet)
  • RSA offers much faster signature checking

pro DSA2

  • Smaller signatures, but they're small anyway; for e-mail and code signing probably negligible
  • Faster key creation (can be relevant on low power and embedded devices like mobiles and routers)
  • Slightly faster for signing

My own Decision

When recently creating a new OpenPGP key, I decided to go for 8k RSA for primary keys and 4k RSA as subkeys for daily use. RSA signatures are fast to verify anyway and the huge 8k signatures are only used for signing other keys, but 8k should be considered sufficient for a really long time. 4k is fine for a current subkey as it's cheap to revoke it without losing all your signatures.

Creating that 8k key took about 20 minutes on my Core 2 Duo T9300, so take your time and do some work (for feeding the random source).
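As an added example (not code from the answer or from GnuPG itself) of the kind of count the answer describes, this Python script parses the machine-readable `gpg --list-keys --with-colons` format, tallies primary-key algorithms, and flags DSA keys below 2048 bits (DSA1) and RSA keys below the 4k the answer recommends. The keyring listing is a constructed sample, and the size thresholds are assumptions taken from the answer.

```python
from collections import Counter

# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1) as printed in
# field 4 of each record of `gpg --list-keys --with-colons`.
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA"}

# Constructed sample of --with-colons output (not a real keyring):
# a 4096-bit RSA/RSA key, a 1024-bit DSA key with a 2048-bit Elgamal
# subkey, and a 2048-bit DSA key with a 2048-bit Elgamal subkey.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1383264000:::u:::scESC:
uid:u::::1383264000::0000000000000000000000000000000000000000::Alice <alice@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1383264000::::::e:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1120000000:::u:::scSC:
uid:u::::1120000000::0000000000000000000000000000000000000000::Bob <bob@example.org>:
sub:u:2048:16:DDDDDDDDDDDDDDDD:1120000000::::::e:
pub:u:2048:17:EEEEEEEEEEEEEEEE:1300000000:::u:::scSC:
sub:u:2048:16:FFFFFFFFFFFFFFFF:1300000000::::::e:
"""

def parse_keys(listing):
    """Yield (record_type, bits, algo_name, keyid) for every pub/sub record."""
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue  # uid, fpr, sig, ... records carry no key size/algorithm
        bits, algo = int(fields[2]), int(fields[3])
        yield fields[0], bits, ALGO_NAMES.get(algo, f"algo{algo}"), fields[4]

def tally_primary_algorithms(listing):
    """Count primary-key algorithms, as the answer did for the Debian keyring."""
    return Counter(algo for rtype, _, algo, _ in parse_keys(listing) if rtype == "pub")

def weak_keys(listing, rsa_min=4096, dsa_min=2048):
    """Flag keys below the assumed thresholds: DSA under dsa_min bits is DSA1
    (SHA-1 only per the answer); RSA under rsa_min misses the 4k recommendation."""
    findings = []
    for rtype, bits, algo, keyid in parse_keys(listing):
        if algo == "DSA" and bits < dsa_min:
            findings.append((keyid, f"DSA {bits}-bit: DSA1, limited to SHA-1"))
        elif algo.startswith("RSA") and bits < rsa_min:
            findings.append((keyid, f"RSA {bits}-bit: below recommended {rsa_min}"))
    return findings

if __name__ == "__main__":
    print(tally_primary_algorithms(SAMPLE_LISTING))
    for keyid, reason in weak_keys(SAMPLE_LISTING):
        print(keyid, reason)
```

To run it against a real keyring, feed the output of `gpg --list-keys --with-colons` to the two functions instead of `SAMPLE_LISTING`.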

Solution 2

Whereas I opted for a 4K RSA master key with a 3K RSA signing subkey and a 4K El-Gamal encryption subkey. The only reason I haven't gone for a higher master key at this point is because of the prevalence of users with mobile devices which really struggle with the larger keys.

Of course I do have larger keys for certain specific purposes, but that tends not to be for communication with others.

Author: The-Q

Updated on September 18, 2022

Comments

  • The-Q
    The-Q over 1 year

    I have found this relatively old question about whether RSA or DSA is the preferred algorithm for signing and encrypting with GnuPG.

    When using gpg --gen-key, the two relevant choices are either "RSA and RSA" or "DSA and Elgamal". Which is better? What are the pros and cons for each? Has anything changed since 2009?

  • code_monk
    code_monk over 8 years
    Why El-Gamal for encryption?