Ian Jackson <ijackson@chiark.greenend.org.uk> writes:
> This may sound like a presumptuous question, but how ready for
> production use is gpg ? I see that there is a Debian package for it,
It is okay to use it for Linux.
> Should I worry that (for example) the key generation will have poor
> properties, or that there might still be implementation bugs which
> would cause signatures to leak my key ?
I'd very much like that I get a report on my way to generate DSA
keys; I think the key is strong enough. I don't use classical strong
primes but those with prime factors of p-1 larger than 160 bits and
those are different for every key so there is less incentive to
setup an attack on the key as it theretical may be possible for
fixed public key parameters which pgp 5 uses. I use this scheme for
ElGamal keys too and Peter Gutmann says that this scheme produces
primes which are strong enough for all pratical purposes.
The random generator is based on Linux /dev/random; for performance
resons I use /dev/urandom for the k-parameter. The random read from
/dev/[u]random is mixed in a way similar to the one used in cryptlib
and has all properties requested by RFC1750.
Interoperation with PGP 5 is okay and if you use the rsa module, you
can work with pgp 2 (there is a minor problem when verifiy a gnupg RSA
signature with pgp 2.6.3 - which claims invalid data but pgp 5 and
opgp both work fine).
> If so then I ought not to generate and publish my long-term DSA key
> yet. If not then I probably should.
It's up to you ;-). Key and signature generation is fine.
Missing features for OpenPGP are:
- preferences are not yes checked (but they are created)
- TripleDES
Alternate user-id are not requested by OpenPGP, but to make
preferences work, I have to add them anyway.
Werner