Issuing my GNUPG keys, choosing between RSA/DSA/ECC/Elgamal,
Hi all,
As always, thanks for your support.
I've looked for PGP and GPG in the forums but didn't find anything, so I post a new thread.
Since I can't have FIPS working, and before starting anything else, I want to create a pgp key to secure future executions.
i.e.: Brave is asking for one to start; Akonadi Kontact is asking for one; I will need one to encrypt some folders; etc ...
I've found very good answers here: https://security.stackexchange.com/questions/72581/new-pgp-key-rsa-rsa-or-dsa-elgamal/72586
It seems that within GNU Privacy Guard "Pretty Good Privacy" RSA, DSA, Elgamal in 4048 bits are pretty much the same level of security.
I see that ECC benefits in comparison with non-ECC cryptography [...] is the same level of security provided by keys of smaller size.
So I will probably go for ECC keys.
And I've seen somewhere else that it is not a good idea (practical, maintenance, confusion) to have one key per ID (per email address), so I will have three groups of keys: 1. professional (6 addresses) 2. personal (2 addresses) 3. public (2 addresses)
BUT ... my question is about Certification/Authentication/Encryption/Signature
=> Is it better to have ONE key for all, or one key for encryption AND one key for signature/Authentication ?
And all the different compositions that might come out of it, like one key for local encryption (folders, documents, backups); 1 key for messages encryption, 1 key for signature (PDF signature, email signature, ...)
It seems you are confusing terms. I'd recommend either a peek at the "Handbook of Applied Cryptography" or, if too detailed for your needs, at least a look at the openssl wiki. Specifically, the page on elliptic curves should give you some pointers. The NIST overview is also nice - neither are a substitute for a lecture in cryptography or the reference book. You should also dig up some more info on PGP.
tl;dr You are comparing different algorithms/ciphers; RSA/DSA are based on Feistel networks, ECC - the name says it. Hence, it makes no sense to compare the size of your key for all three. Also, ElGamal is part of DSA. Finally, if I remember correctly, PGP/GPG is an asymmetric cryptographic protocol, hence you need a public/private key combo.
Thanks a lot for all that!
While I was away, I got to read some and clearly see your point, indeed no comparison in size as they have a totally different outcome even though they bear the same security level.
I will stick with the ECC, and will have a pair as required
I see that Kgpg isn't up to date as for most of the curves, it only proposes Curve25519, leaving behind Curve383187; Curve41417; M-221; M-382; M-511 and E-222 E-383 E-521
Of course I have no idea of what I'm talking about, it's just a matter of having choice.
Anyway, as the title says, I can't even create an ECC key pair, not with Kleopatra, not with Kgpg, neither in standard mode nor expert mode (console)
Kgpg, in "expert" mode, I go through the process of choosing option (9) ECC; then (1) Curve25519; then 796 (days); then real name and email address; no comment; then password and ... the windows closes instantly.
I've tried to start Kgpg as root and get that:
Code:
eric@MaxiCrevette:~> su
Password:
MaxiCrevette:/home/eric # kgpg
QStandardPaths: wrong ownership on runtime directory /run/user/1000, 1000 instead of 0
QStandardPaths: wrong ownership on runtime directory /run/user/1000, 1000 instead of 0
"Session bus not found\nTo circumvent this problem try the following command (with Linux and bash)\nexport $(dbus-launch)"
MaxiCrevette:/home/eric # exit
eric@MaxiCrevette:~> kgpg
gpg: out of core handler ignored in FIPS mode
gpg: out of core handler ignored in FIPS mode
gpg: out of core handler ignored in FIPS mode
gpg: out of core handler ignored in FIPS mode
qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 3886, resource id: 36016822, major code: 40 (TranslateCoords), minor code: 0
Last edited by eric.vanh; 08-29-2019 at 09:37 AM.
Reason: added a line of code
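The steps from the post above (ECC, Curve25519, 796 days) run directly against gpg in a throwaway keyring, so that any error is printed to the terminal instead of disappearing with the GUI window. This is an added example, not part of the thread; it also creates separate signing, encryption and authentication subkeys under one certifying primary key, the layout the first post asks about. It assumes GnuPG 2.2 or later; the user ID and the empty passphrase are constructed for the test key.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GnuPG 2.2+ on PATH.
# The user ID is constructed; the empty passphrase is for the throwaway key only.

GPG=(gpg --batch --quiet --pinentry-mode loopback --passphrase '')

# Create a certify-only Ed25519 primary key, then one subkey per capability,
# each expiring after 796 days. Prints the primary fingerprint on stdout.
make_test_key() {
    local uid="$1" fpr spec
    "${GPG[@]}" --quick-generate-key "$uid" ed25519 cert 796d >/dev/null || return 1
    fpr=$(gpg --batch --with-colons --list-keys "$uid" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    for spec in "ed25519 sign" "cv25519 encr" "ed25519 auth"; do
        # $spec is left unquoted on purpose: it splits into algorithm and usage.
        "${GPG[@]}" --quick-add-key "$fpr" $spec 796d >/dev/null || return 1
    done
    printf '%s\n' "$fpr"
}

# Print "record:curve:capabilities" for the primary key and each subkey
# (fields 1, 17 and 12 of gpg's colon listing).
key_capabilities() {
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: '$1 == "pub" || $1 == "sub" { print $1 ":" $17 ":" $12 }'
}

if command -v gpg >/dev/null 2>&1; then
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME   # throwaway keyring, real keys untouched
    if fpr=$(make_test_key "Test User <test@example.invalid>"); then
        key_capabilities "$fpr"
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true  # stop the agent started for the test keyring
fi
```

The temporary directory named in `GNUPGHOME` can be deleted once the output has been read.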
I've tried to create a simple RSA/RSA key pair and get that error message.
I don't understand, it worked a month ago ... all I did was to leave for a month with the computer off
I've opened a superuser console and started Kgpg ... I get this:
Code:
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
gpg: out of core handler ignored in FIPS mode
gpg: out of core handler ignored in FIPS mode
gpg: out of core handler ignored in FIPS mode
QSystemTrayIcon::setVisible: No Icon set
gpg: out of core handler ignored in FIPS mode