
I have been using my own PGP key (RSA/1024) for more than 15 years. That key has been my identity on the Internet for a long time, and it is also used for encrypting a huge amount of data.

Recently, my colleagues told me: "You should create a 2048-bit key to get better encryption, or a 4096-bit key to get the best". I found no document that points out that 4096-bit is better than 1024-bit for a private PGP key. Am I wrong?

My private key has no expiration time, and I don't want to switch to a new one if there is no security problem with the old one. On the other hand, I always keep my private key in a safe place with a safe password. Is it possible to decrypt my data without my private key?

ne3suszr

  • I'm not an expert in cryptography. – ne3suszr Dec 20 '19 at 01:53
  • Does this answer your question? [How to estimate the time needed to crack RSA encryption?](https://security.stackexchange.com/questions/4518/how-to-estimate-the-time-needed-to-crack-rsa-encryption). In short: it is unlikely that your 1024 bit key is in danger already now unless you are a very valuable target. But you really should move to a larger key size in the near future. Note that the messages you currently encrypt with your 1024 bit key might be stored by an adversary today and decrypted in a few years. – Steffen Ullrich Dec 20 '19 at 06:19
  • For *you*? No. For the NSA? Maybe. – user253751 Dec 20 '19 at 11:08

1 Answer


While it's recommended to use a key larger than 1024 bits, you could replace your encryption subkey with a larger one, keeping the same signing key (and by extension your GPG identity). A GPG keypair effectively consists of multiple separate keys (all signed with the same certification key, C in usage).

Note that this will make all data encrypted for the old key inaccessible. You could re-encrypt the data or keep the old encryption key around.

Here's an example of replacing a 2048-bit encryption subkey with 4096-bit key.

$ gpg --edit-key test@example.com
gpg> key 1

sec  rsa2048/10627915E34373B1
     created: 2019-12-27  expires: 2021-12-26  usage: SC
     trust: ultimate      validity: ultimate
ssb* rsa2048/520DD5D5DC5F1214
     created: 2019-12-27  expires: 2021-12-26  usage: E
[ultimate] (1). Test Test <test@example.com>

gpg> addkey
[snip]
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
[snip]
sec  rsa2048/10627915E34373B1
     created: 2019-12-27  expires: 2021-12-26  usage: SC
     trust: ultimate      validity: ultimate
ssb* rsa2048/520DD5D5DC5F1214
     created: 2019-12-27  expires: 2021-12-26  usage: E
ssb  rsa4096/29F957A70823378C
     created: 2019-12-27  expires: 2020-12-26  usage: E
[ultimate] (1). Test Test <test@example.com>

gpg> delkey
Do you really want to delete this key? (y/N) y

sec  rsa2048/10627915E34373B1
     created: 2019-12-27  expires: 2021-12-26  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/29F957A70823378C
     created: 2019-12-27  expires: 2020-12-26  usage: E
[ultimate] (1). Test Test <test@example.com>
raindev