Quote from: 00OOIlI00lO1O0 on January 12, 2013, 08:12 am

"but... you didn't use your own key to encrypt the address."

Correct, it would only be an issue if you corresponded back and forth with the seller or signed your messages. Parties would also have had to store messages. For the most part, PGP protects you.

When you said: "I've seen vendors with 1024-bit DSA primary and 512-bit subkeys.", does this mean that the raw length of a vendor's public key block doesn't indicate the number of bits of encryption it has?

The 1024-bit DSA key is for signing -- the DSA stands for Digital Signing Algorithm. The 512-bit Elgamal encryption sub-key is for encryption. Given that you have two keys, each can be of differing sizes.

According to the NIST standard, DSA keys should be a maximum of 1024-bits. Extensions to that standard have been implemented, raising the DSA keys to 2048 or even 3072-bits. Elgamal encryption keys can be as large as 4096-bits.

Even when using RSA keypairs, it is entirely possible to have keys of different sizes. It is entirely possible to have an RSA signing key of 2048-bits, while the encryption sub-key is 4096-bits.

Nightcrawler
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
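
An added example, not part of the original post: the primary key and each subkey carry their own size, which can be read from the machine-readable listing printed by `gpg --with-colons --list-keys` (field 3 is the length in bits, field 4 the algorithm ID, field 12 the capabilities). The sample listing is constructed, the function names are hypothetical, and the 2048-bit threshold is an assumed policy.

```python
# Added example: list per-key sizes from `gpg --with-colons` output.
# OpenPGP public-key algorithm IDs (RFC 4880): 1=RSA, 16=Elgamal, 17=DSA.
ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}
USAGE = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}

# Constructed listing: key IDs, dates and user IDs are made up.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1262304000:::-:::scESC:
uid:-::::1262304000::::Constructed Vendor:
sub:-:512:16:BBBBBBBBBBBBBBBB:1262304000::::::e:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1348272000:::-:::scESC:
uid:-::::1348272000::::Constructed Buyer:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1348272000::::::e:
"""


def key_sizes(listing):
    """Return one dict per primary key (pub) and subkey (sub)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Field 12: lowercase letters are this key's own capabilities;
        # uppercase letters on a pub line summarise the whole key.
        own = [USAGE[c] for c in f[11] if c in USAGE]
        keys.append({
            "type": "primary" if f[0] == "pub" else "subkey",
            "bits": int(f[2]),
            "algo": ALGOS.get(f[3], "algo " + f[3]),
            "keyid": f[4],
            "usage": own,
        })
    return keys


def weak_keys(listing, min_bits=2048):
    """Key IDs below min_bits (2048 is an assumed policy, not from the post)."""
    return [k["keyid"] for k in key_sizes(listing) if k["bits"] < min_bits]


if __name__ == "__main__":
    for k in key_sizes(SAMPLE):
        print(f'{k["type"]:8} {k["bits"]:>4}-bit {k["algo"]:8} '
              f'{k["keyid"]} {",".join(k["usage"])}')
    print("below 2048 bits:", weak_keys(SAMPLE))
```

The size of the ASCII-armored public key block plays no part here; only the per-key length fields do.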