After reading this interesting article, I decided to figure out If I needed a new key and if it was worth the trouble to start a new stronger key.
My needs are much simpler than the debian project's. I don't sign software and I don't encrypt email much. Over the last 5 years I might have sent and received maybe 4 encrypted emails. I'm not a big fan of encryption per se. I am however convinced that signing emails is a good way to fight impersonation. Something that spammer tend to over use these days. So my primary need is to sign emails. For that I don't really need a stronger key - I just need to make GnuPG's default a bit stronger.
I've edited my my gpg.conf file and added the following to it :
enable-dsa2
personal-digest-preferences SHA256 RIPEMD160 SHA1
This ensure that the signing algorithm is stronger - without going through the hassle of creating a new key.
Leave a comment