>>>>> On Sat, 7 Jul 2018, Michał Górny wrote: [Section "Bare minimum requirements"]
> 1. SHA2-series output digest (SHA1 digests internally permitted), > 256bit or more:: > personal-digest-preferences SHA256 Is the config line still needed with current GnuPG versions? > 2. Signing subkey that is different from the primary key, and does not > have any other capabilities enabled. > 3. Primary key and the signing subkey are both of type EITHER: > a. RSA, >=2048 bits (OpenPGP v4 key format or later only) > b. ECC curve 25519 > 4. Expiration date on key and all subkeys set to no more than 900 days > into the future s/key/primary key/ Also be consistent with punctuation, i.e., add a full stop at the end of the sentence. [Section "Recommendations"] > 1. Primary key and the signing subkey are both of type RSA, 2048 bits > (OpenPGP v4 key format or later) > 2. Key expiration renewed annually to a fixed day of the year > 3. Create a revocation certificate & store it hardcopy offsite securely > (it's about ~300 bytes). Ditto for items 1. to 3. here. > 4. Encrypted backup of your secret keys. [...] > Copyright > ========= Insert a blank line after the header. > Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer, > Michał Górny. Update the date to "2013, 2018" (and rewrap the paragraph). Ulrich
pgp_vh43BxRdM.pgp
Description: PGP signature
