A Practical Introduction to GNU Privacy Guard in Windows recommends DSA and ElGamal, but I would like to know if RSA is good enough to use these days, and if so, what minimum key size should I use? Is it ok to use SHA-256 for signing (for compatibility with e-mail clients)?

Also, besides e-ignite: Key Types, can you point to other sources for this subject?

+1  A: 

RSA/DSA minimum today is 1024 actually, so elliptic curves are becoming more widely used since they are faster and use shorter keys.

To have security similar to AES-256 you will need at least a 3 kilobyte key...

Email clients use certificates nowadays, so it's a separate thing (X.509), but for use with RSA/DSA the most common option is SHA-1 (somewhat weak now).

I recommend study of:

Mash
He was specifically asking about GnuPG, an open-source implementation of OpenPGP. PGP/OpenPGP does not use certificates (that's S/MIME).
ewanm89
+1  A: 

SHA-1 is weak, but not fully broken. SHA-256 is just an extension to SHA-1; currently it's probably also weaker than first thought (given the same weakness is thought to affect the whole SHA family), however it still requires a lot of computing power to get a match.

Anyway, in terms of digital signatures, this becomes less of a problem due to the way that's just the final step. There is still encryption first.

As for key size, whether RSA or ElGamal/DSA, I would recommend 2048-bit keys anyway now. The difference is RSA is based on factorial math while ElGamal/DSA is based on logarithmic math; neither can necessarily be considered better or worse (to note, though, is that elliptic-curve-based stuff is closely related to the logarithms stuff).

ewanm89
A: 

GPG can only use RSA for signing, not encryption. The default is DSA/Elgamal 1024/2048. The Elgamal default key length used to be 1024, but someone must have decided that was not secure enough. People on the GPG mailing list say that most people shouldn't need more than 2048.

I'm less clear on the various signing algorithms. I know there are issues with SHA-1, but how does this relate to DSA/RSA?

I've had the same key for years that uses the above default values. I don't use it much, but am wondering whether generating a new one is justified.

steevc
gpg --gen-key presents the following options: RSA and RSA (default) / DSA and Elgamal / DSA (sign only) / RSA (sign only)
alexandrul
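
An added example, not part of any answer above: one way to check whether an existing keyring still holds keys below a chosen size, such as the old DSA/Elgamal 1024/2048 default steevc mentions. It parses GnuPG's colon-delimited listing; the 2048-bit default threshold is an assumption taken from ewanm89's recommendation, and the sample listing (key IDs, dates, names) is constructed.

```python
import sys

# OpenPGP public-key algorithm IDs for the algorithms discussed on this page.
ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}

# Constructed sample shaped like `gpg --list-keys --with-colons` output.
SAMPLE = """\
tru::1:1262304000:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAAA:1104537600:::u:::scESC:
uid:u::::1104537600::0000::Old Key <old@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1104537600::::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1262304000:::u:::scESC:
uid:u::::1262304000::0000::New Key <new@example.org>:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1262304000::::::e:
pub:u:256:22:EEEEEEEEEEEEEEEE:1420070400:::u:::scESC:
"""


def audit(listing, min_bits=2048):
    """Return (keyid, record, algo, bits, verdict) for each pub/sub record."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        # Field 1 = record type, 3 = key length, 4 = algorithm ID, 5 = key ID.
        if len(f) < 5 or f[0] not in ("pub", "sub") or not f[2].isdigit():
            continue
        bits = int(f[2])
        if f[3] in ALGOS:
            verdict = "ok" if bits >= min_bits else "weak"
            algo = ALGOS[f[3]]
        else:
            # Elliptic-curve sizes are not comparable to RSA/DSA/Elgamal
            # modulus sizes, so they are reported but not judged here.
            verdict = "not-assessed"
            algo = "algo " + f[3]
        findings.append((f[4], f[0], algo, bits, verdict))
    return findings


if __name__ == "__main__":
    # Use piped gpg output when present, otherwise the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for keyid, rec, algo, bits, verdict in audit(text):
        print(f"{verdict:13} {rec} {algo:8} {bits:5} {keyid}")
```

To run it against a real keyring, pipe `gpg --list-keys --with-colons` into the script (saved under any name).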