-
The OpenPGP protocol
\footnote{\url{http://tools.ietf.org/search/rfc4880}}
uses asymmetric encryption to protect a session key which is used to encrypt a message. Additionally, it signs messages via asymmetric encryption and hash functions. %% what? - azet
When using PGP, there are a couple of things to take care of:
\begin{itemize}
-\item keylengths (see the section \ref{section:keylengths})
-\item randomness (see the section \ref{section:RNGs})
-\item the choice of RSA vs. DSA
-\item preferences for symmetric ciphers
-\item preferences for hashing
+\item keylengths (see section \ref{section:keylengths})
+\item randomness (see section \ref{section:RNGs})
+\item preference of symmetric encryption algorithm (see section \ref{section:CipherSuites})
+\item preference of hash function (see section \ref{section:CipherSuites})
\end{itemize}
Properly dealing with key material, passphrases and the web-of-trust is outside of the scope of this document. The GnuPG website\footnote{\url{http://www.gnupg.org/}} has a good tutorial on PGP.
-\subsubsection{Keylengths}
-We do not recommend any key length $\le$ 2048 bits. In fact, 4096 bits are probabaly a good choice at the time of this writing.
-
-\subsubsection{RSA vs. DSA}
-\todo{sure?}
-RSA%%\footnote{}
-
-\subsubsection{Symmetric ciphers}
-
-
\subsubsection{Hashing}
-Tell GnuPG to not use SHA-1.
-
-Edit \$HOME/.gnupg/gpg.conf:
+Avoid SHA-1 in GnuPG. Edit \$HOME/.gnupg/gpg.conf:
\begin{lstlisting}[breaklines]
# according to: https://www.debian-administration.org/users/dkg/weblog/48
git.bettercrypto.org / ach-master.git / commitdiff