-If you do not have an RSA key yet, generate one. Every developer needs
-a RSA key in order to sign and verify package uploads. You should read
-the PGP manual, since it has much important information which is
-critical to its security. Many more security failures are due to
-human error than to software failure or high-powered spy techniques.
-See <ref id="key-maint"> for more information on maintianing your
-public key.
- <p>
-Debian uses <prgn>pgp</prgn> version 2.6 as its baseline standard.
-You can use <prgn>gpg</prgn> or some other version of <prgn>pgp</prgn>
-if and only if you can create an RSA key compatible with
-<prgn>pgp</prgn> version 2.6. Note that we are also working on the
-ability to use non-RSA keys, since RSA algorithms have patent
-protection, but this is still in early stages.
- <p>
-Your RSA key must be at least 1024 bits long. There is no reason to
-use a smaller key, and doing so would be much less secure. Your key
-must be signed with at least your own user ID. This prevents user ID
-tampering. You can do it by executing <tt>pgp -ks
-<var>your_userid</var></tt>.
+If you do not have an OpenPGP key yet, generate one. Every developer
+needs a OpenPGP key in order to sign and verify package uploads. You
+should read the manual for the software you are using, since it has
+much important information which is critical to its security. Many
+more security failures are due to human error than to software failure
+or high-powered spy techniques. See <ref id="key-maint"> for more
+information on maintianing your public key.
+ <p>
+Debian uses the <prgn>GNU Privacy Guard</prgn> (package
+<package>gnupg</package> version 1 or better as its baseline standard.
+You can use some other implementation of OpenPGP as well. Note that
+OpenPGP is a open standard based on <url id="&url-rfc2440;" name="RFC
+2440">.
+ <p>
+The recommended public key algorithm for use in Debian development
+work is the DSA (Digital Signature Standard). Other key types may be
+used however. Your key length must be at least 1024 bits; there is no
+reason to use a smaller key, and doing so would be much less secure.
+Your key must be signed with at least your own user ID; this prevents
+user ID tampering. <prgn>gpg</prgn> does this automatically.