Wilders Security Forums  

  #1  
Old November 3rd, 2006, 01:52 PM
Devinco
Very Frequent Poster
 
Join Date: Jul 2004
Posts: 2,528
Question Enigmail GnuPG: Which key type/size is best?

The default key type is DSA and El Gamal.
But RSA appears to be more compatible with PGP (not sure).

What are the benefits of either one?

What is the recommended key size?

From the GnuPG FAQ:
Quote:
4.1) What is the recommended key size?

1024 bit for DSA signatures; even for plain Elgamal signatures. This is sufficient as the size of the hash is probably the weakest link if the key size is larger than 1024 bits. Encryption keys may have greater sizes, but you should then check the fingerprint of this key:

$ gpg --fingerprint <user ID>

As for the key algorithms, you should stick with the default (i.e., DSA signature and Elgamal encryption). An Elgamal signing key has the following disadvantages: the signature is larger, it is hard to create such a key useful for signatures which can withstand some real world attacks, you don't get any extra security compared to DSA, and there might be compatibility problems with certain PGP versions. It has only been introduced because at the time it was not clear whether there was a patent on DSA.

I will only be using Enigmail/GPG for email encryption and signing, not file encryption (except for attachments).
So if you use DSA for the key pair, greater than 1024 bits key size is a weakness?
What about if you use RSA? Is a key size greater than 1024 bits a weakness?
Asymmetric encryption usually benefits from having bigger key sizes.

It doesn't make sense.
  #2  
Old November 3rd, 2006, 05:17 PM
iceni60
( ^o^)
 
Join Date: Jun 2004
Posts: 5,009
Default Re: Enigmail GnuPG: Which key type/size is best?

the defaults are safe to use and work fine.

there's a whole podcast about it here, just skip through all the nonsense at the start. it starts at just past 9 minutes
http://www.thepodcastnetwork.com/aud...0051010_19.mp3

you don't need to do any of that with Enigmail though.

BTW, if you ever want to validate anything here's how to do it -
http://httpd.apache.org/dev/verification.html

i think it works the same way with windows too.

Last edited by iceni60 : November 3rd, 2006 at 05:28 PM.
  #3  
Old November 4th, 2006, 05:27 AM
Devinco
Very Frequent Poster
 
Join Date: Jul 2004
Posts: 2,528
Default Re: Enigmail GnuPG: Which key type/size is best?

Thank you Iceni60.
This info was very helpful.

GPG is OpenPGP compliant and interoperable with PGP.
I have PGP 8.02 and it was able to import keys from GPG into the PGPKeys program.
PGPKeys imported both DSA/El Gamal and RSA keys.
In PGPKeys, the DSA/El Gamal key properties showed it was DH/DSS 4096/1024 and using AES-256 cipher.
DSA appears to be a part of DSS and El Gamal was derived from DH Diffie-Hellman, so it appears that DSA/El Gamal is equal to DH/DSS.
The RSA imported key showed RSA 4096/4096 and using AES-256 cipher.
Why does the PGPKeys properties show the AES-256 cipher and GPG doesn't?

There was some good info also in the GNU Privacy Handbook.
It explains that while DSA (for signing emails) is only up to 1024 bits, ElGamal (for encrypting emails) can be any bit size.

RSA can be used for both signing and encrypting emails.
RSA can be up to 4096 bits for signing and encrypting email.
RSA appears to be an older standard than DSA.

Since DSA is limited to 1024 bits max, there is not a weakness when it is greater than 1024 bits.
It is currently recommended that RSA be at least 2048 bits long.

For signing, RSA allows up to 4096 bits, DSA 1024 bits.
So only counting bit size, RSA appears to be stronger.
Which would be cryptographically stronger: DSA 1024 bits or RSA 2048 bits?
(the RSA wiki explained that some experts believe that RSA 1024-bit keys may become breakable in the near term)
Is there something inherently wrong with RSA that makes it a bad choice?

For encrypting emails at 2048 bits, which would be stronger: El Gamal or RSA?

If one is stronger than the other, I might as well use that one.

Enigmail is excellent and very well integrated into Thunderbird.
It makes sending and receiving encrypted emails a breeze.
  #4  
Old November 25th, 2006, 06:29 PM
Devinco
Very Frequent Poster
 
Join Date: Jul 2004
Posts: 2,528
Default Re: Enigmail GnuPG: Which key type/size is best?

Quote:
Originally Posted by Devinco
Why does the PGPKeys properties show the AES-256 cipher and GPG doesn't?

Probably because it needs to be upgraded to the new version.

Quote:
Originally Posted by Devinco
So only counting bit size, RSA appears to be stronger.
Which would be cryptographically stronger: DSA 1024 bits or RSA 2048 bits?

No answer here.
Currently DSA 1024 bits is stronger than RSA 1024 bits because of discovered weaknesses.
Based on this old (2002) article, it says that DSA and RSA at the time with then current attacks, provided comparable security at 1024 bits.
PGP DH vs. RSA
There were more recent attacks on RSA as shown in the wiki link on RSA suggesting minimum 2048 bits for RSA.
The whole PGP DH vs. RSA article is long, but there is a lot of good info for those interested.

Quote:
Originally Posted by Devinco
Is there something inherently wrong with RSA that makes it a bad choice?

From the above mentioned article, I understood the following:
Greater bit length does not automatically mean one algorithm is more secure than another.
DSA is part of the DSS standard and implemented by PGP.
A DSA/El Gamal key uses one key for signing and a separate key for encrypting the email, which distributes the risk in case a future weakness is discovered in one or the other.
RSA keys use the same key for both.

Quote:
Originally Posted by Devinco
For encrypting emails at 2048 bits, which would be stronger: El Gamal or RSA?

For all the above reasons, I decided on DSA/El Gamal (1024 bits / 4096 bits).
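
Added example (not part of the thread or of GnuPG): a rough Python estimate of the work factors behind the key sizes compared above, showing why the quoted FAQ says the hash size is the weakest link once a DSA key grows past 1024 bits. It assumes the textbook number field sieve heuristic without its o(1) term, and a DSA key with a 160-bit subgroup and a 160-bit hash; the function names are illustrative.

```python
import math

def gnfs_bits(modulus_bits):
    """log2 of the heuristic number field sieve cost for a modulus of
    this size: exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)).
    Assumption: the o(1) term is ignored, so this is only a rough guide."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def dsa_signature_strength(p_bits, q_bits=160, hash_bits=160):
    """Return (bits, limiting_factors) for a DSA signing key.
    A signature is only as strong as the cheapest of three attacks."""
    costs = {
        "discrete log in the field of size p": gnfs_bits(p_bits),
        "generic discrete log in the subgroup of size q": q_bits / 2,
        "hash collision": hash_bits / 2,
    }
    weakest = min(costs.values())
    return weakest, [name for name, bits in costs.items() if bits == weakest]

def rsa_key_strength(modulus_bits):
    """Cost of factoring the RSA modulus (key only, hash not counted)."""
    return gnfs_bits(modulus_bits)

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(f"RSA-{bits} key:       ~{rsa_key_strength(bits):.0f} bits")
    # Growing p while q and the hash stay at 160 bits gains nothing.
    for p_bits in (1024, 2048, 4096):
        strength, limits = dsa_signature_strength(p_bits)
        print(f"DSA p={p_bits}, q=160: ~{strength:.0f} bits, "
              f"limited by {', '.join(limits)}")
```

Raising `q_bits` and `hash_bits` together is what moves the DSA figure; raising `p_bits` alone does not.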
 

All times are GMT -5.