Enigmail GnuPG: Which key type/size is best?

Discussion in 'privacy technology' started by Devinco, Nov 3, 2006.

Thread Status:
Not open for further replies.
  1. Devinco
    Offline

    Devinco Registered Member

    The default key type is DSA and El Gamal.
    But RSA appears to be more compatible with PGP (not sure).

    What are the benefits of either one?

    What is the recommended key size?

    From the GnuPG FAQ:
    I will only be using Enigmail/GPG for email encryption and signing, not file encryption (except for attachments).
    So if you use DSA for the key pair, greater than 1024 bits key size is a weakness?
    What about if you use RSA? Is a key size greater than 1024 bits a weakness?
    Asymmetric encryption usually benefits from having bigger key sizes.

    It doesn't make sense.
  2. iceni60
    Offline

    iceni60 ( ^o^)

    Last edited: Nov 3, 2006
  3. Devinco
    Offline

    Devinco Registered Member

    Thank you Iceni60.
    This info was very helpful. :)

    GPG is OpenPGP compliant and interoperable with PGP.
    I have PGP 8.02 and it was able to import keys from GPG into the PGPKeys program.
    PGPKeys imported both DSA/El Gamal and RSA keys.
    In PGPKeys, the DSA/El Gamal key properties showed it was DH/DSS 4096/1024 and using AES-256 cipher.
    DSA appears to be a part of DSS and El Gamal was derived from DH Diffie-Hellman, so it appears that DSA/El Gamal is equal to DH/DSS.
    The RSA imported key showed RSA 4096/4096 and using AES-256 cipher.
    Why does the PGPKeys properties show the AES-256 cipher and GPG doesn't?

    There was some good info also in the GNU Privacy Handbook.
    It explains that while DSA (for signing emails) is only up to 1024 bits, ElGamal (for encrypting emails) can be any bit size.

    RSA can be used for both signing and encrypting emails.
    RSA can be up to 4096 bits for signing and encrypting email.
    RSA appears to be an older standard than DSA.

    Since DSA is limited to 1024 bits max, there is not a weakness when it is greater than 1024 bits.
    It is currently recommended that RSA be at least 2048 bits long.

    For signing, RSA allows up to 4096 bits, DSA 1024 bits.
    So only counting bit size, RSA appears to be stronger.
    Which would be cryptographically stronger: DSA 1024 bits or RSA 2048 bits?
    (the RSA wiki explained that some experts believe that RSA 1024-bit keys may become breakable in the near term)
    Is there something inherently wrong with RSA that makes it a bad choice?

    For encrypting emails at 2048 bits, which would be stronger: El Gamal or RSA?

    If one is stronger than the other, I might as well use that one.

    Enigmail is excellent and very well integrated into Thunderbird.
    It makes sending and receiving encrypted emails a breeze.
  4. Devinco
    Offline

    Devinco Registered Member

    Probably because it needs to be upgraded to the new version.

    No answer here.
    Currently DSA 1024 bits is stronger than RSA 1024 bits because of discovered weaknesses.
    Based on this old (2002) article, it says that DSA and RSA at the time with then current attacks, provided comparable security at 1024 bits.
    PGP DH vs. RSA
    There were more recent attacks on RSA as shown in the wiki link on RSA suggesting minimum 2048 bits for RSA.
    The whole PGP DH vs. RSA article is long, but there is a lot of good info for those interested.

    From the above mentioned article, I understood the following:
    Greater bit length does not automatically mean one algorithm is more secure than another.
    DSA is part of the DSS standard and implemented by PGP.
    Using a DSA/El Gamal key uses one key for signing and a separate key for encrypting the email distributes the risk in case a future weakness is discovered in one or the other.
    RSA keys use the same key for both.

    For all the above reasons, I decided on DSA/El Gamal (1024 bits / 4096 bits).
Thread Status:
Not open for further replies.