<dt>Command line key generation</dt>
- <dd>If you prefer using the command line for a higher degree of control, you can follow the documentation from <a href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy Handbook</a>. Make sure you stick with "RSA and RSA" (the default), because it's newer and more secure than the algorithms recommended in the old previously mentioned documentation.</dd>
+ <dd>If you prefer using the command line for a higher degree of control, you can follow the documentation from <a href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy Handbook</a>. Make sure you stick with "RSA and RSA" (the default), because it's newer and more secure than the algorithms recommended documentation. Also make sure your key is at least 2048 bits, or 4096 if you really want to be secure.</dd>
<dt>Advanced key pairs</dt>
<dd>When GnuPG creates a new keypair, it compartmentalizes the encryption function from the signing function through <a href="https://wiki.debian.org/Subkeys">subkeys</a>. If you use subkeys carefully, you can keep your GnuPG identity much more secure and recover from a compromised key much more quickly. <a href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">Alex Cabal</a> and <a href="http://keyring.debian.org/creating-key.html">the Debian wiki</a> provide good guides for setting up a secure subkey configuration.</dd>
projects / enc-live.git / commitdiff