General GnuPG tips

encryption gpg

Solution 1:

figuring out how to trust sign keys. if you don't gpg will always give you this annoying message "are you sure you want to use this untrusted key??"

do

$ gpg --edit-key NAME
> tsign

And follow the instructions from there.

Solution 2:

I use 4096 bit keys, I see no reason to use anything different. Modern computers are easily powerful enough to decrypt something that high in seconds.

I use an encryption key, which never expires and a signing key which expires yearly.

Solution 3:

We have used it for a long time, and in that time it has been robust, easy to work with, and has worked well across platforms. We regularly encrypt stuff on Linux boxes and decrypt on Windows, and vice-versa. It's a well-vetted, well thought out piece of software that has included new encryption algorithms and standards as they've appeared and has done well for us for secure data storage and transfer over the years.

We use 2048-bit keys and expire them after 2 years. We use gpg.conf to specify encryption algorithms, and having seen the news about SHA-1 have just begun looking into shuffling these up as per http://www.debian-administration.org/users/dkg/weblog/48. We don't maintain a revocation elsewhere, but also don't really use it in a PKI fashion either.

Related

"Workstation" and "Server" Services Keep Stopping
SQL Server: How do you check if it's safe to change the SA password?
HTTP compression in IIS 6.0 causing problems with certain users
Testing that SQL Server 2005 is listening for FreeTDS
VPN endpoint for my IPhone?
How do you force Outlook 2007 to re-index it's seach on Windows XP SP 3?
Cisco ASA5510 Bandwidth Shaping/Limiting
Restore Virtualbox snapshot from backup
How to show a maintenance page for website when our network is down
Write-only access that can see the files present?
Useful contract hints for sysadmin consultants? [closed]
Automatic Notification of New or Changed Files in a Folder or Share [closed]