Project Talk:Infrastructure/Generating GLEP 63 based OpenPGP keys

The method to import ~/gkey-user via

    % gpg --import ~/gkeys-user/gpghome/pubring.{gpg,kbx}
    gpg: can't open '/home/michael/gkeys-user/gpghome/pubring.gpg': No such file or directory
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

doesn't work for =app-crypt/gnupg-2.1.9. How about keeping ~/gkeys-user on a removable and/or encrypted media and suggesting

    % GNUPGHOME=~/gkeys-user/gpghome gpg --export-secret-subkeys --armor 0x71D573A82F434065 | gpg --import
    gpg: key 0xFB6DC7DA476C3DAF: public key "Michael Weber " imported
    gpg: key 0xFB6DC7DA476C3DAF: secret key imported
    gpg: Total number processed: 3
    gpg:              imported: 1
    gpg:      secret keys read: 3
    gpg: secret keys unchanged: 1

As a result, the secret part of the primary keys stays away from the regular GNUPGHOME=~/.gnupg and can be stored offline. You can identify such a situation by the "sec#" marking in

    % gpg --list-secret-keys 0x71D573A82F434065
    sec# rsa4096/0xFB6DC7DA476C3DAF 2015-11-03 [expires: 2018-10-18]
    uid                  [ unknown] Michael Weber
    ssb  rsa4096/0x71D573A82F434065 2015-11-03 [expires: 2018-10-18]

--Xmw (talk) 09:25, 3 November 2015 (UTC)
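An added example, not part of the comment above or of the project's guide: a scripted version of the "sec#" check that reads `gpg --list-secret-keys --with-colons` output and fails unless every primary secret key is only a stub. The function names, the constructed sample listings and their timestamps are assumptions; the field-15 meanings follow GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example: report whether primary secret keys are stubs ("sec#").
# Input on stdin: output of `gpg --list-secret-keys --with-colons`.
# Field 15 of sec/ssb records (GnuPG doc/DETAILS): "#" = stub only,
# "+" = secret key present, any other value = smartcard serial number.
primary_secret_status() {
    awk -F: '
        function state(f) {
            if (f == "#") return "offline"
            if (f == "+") return "present"
            if (f == "")  return "unknown"
            return "on-card"
        }
        $1 == "sec" { n++; s = state($15); print "primary " $5 " " s
                      if (s != "offline") bad = 1 }
        $1 == "ssb" { print "subkey " $5 " " state($15) }
        # Fail when no key was listed or any primary secret is not a stub.
        END { if (n == 0 || bad) exit 1 }
    '
}

# Constructed sample: key IDs from the comment above, timestamps made up.
# Primary secret key absent (stub), signing subkey present.
sample_offline() {
    cat <<'EOF'
sec:u:4096:1:FB6DC7DA476C3DAF:1446508800:1539820800::u:::scESC:::#:::23::0:
uid:u::::1446508800::0000000000000000000000000000000000000000::Example User::::::::::0:
ssb:u:4096:1:71D573A82F434065:1446508800:1539820800:::::s:::+:::23:
EOF
}

# Constructed sample: same key, but the primary secret key is in the keyring.
sample_online() {
    cat <<'EOF'
sec:u:4096:1:FB6DC7DA476C3DAF:1446508800:1539820800::u:::scESC:::+:::23::0:
ssb:u:4096:1:71D573A82F434065:1446508800:1539820800:::::s:::+:::23:
EOF
}

sample_offline | primary_secret_status \
    && echo "OK: primary secret key is not in this keyring"
sample_online | primary_secret_status \
    || echo "WARNING: primary secret key is present in this keyring"
```

Against a real keyring the call is `gpg --list-secret-keys --with-colons 0x71D573A82F434065 | primary_secret_status`.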

I suggest adding a source for "We chose a keysize of 2048bits instead of 4096bits because signing with a 4096bit key is much slower than using a 2048bits key while security improvement in using a 4096bits key over a 2048bits key is minimal.", for example: https://gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096 "11.5 Why do people advise against using RSA-4096?" --Jonas Stein (talk) 20:38, 27 August 2018 (UTC)