On Thu, Nov 28, 2013 at 10:49 AM, Jerome Leclanche <[email protected]>wrote:
> What's the outcome on this? I'm interested in large keys in default gnupg. > > That said, is there a reason why the patch isnt upstream yet? > J. Leclanche > > It was rejected upstream previously a few times. If we want it, it has to be a patch on upstream in our gpg version. I believe the reasoning that allowing larger key sizes are a performance issue for mobile does not really apply here. Even gpg 2.1. dev is still limited to 4096: Line 1943, max=4096: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=4bb8bbaed4b27a977b3c2b543dafd335acb538df;hb=refs/heads/master#l6 Ido > > On Mon, Nov 4, 2013 at 3:12 AM, Ido Rosen <[email protected]> wrote: > > Hi, > > I've added gnupg-largekeys, which is the gnupg from Core, but patched > to > > extend the maximum key size to 65535 bits. Please note that unpatched > > versions of gnupg can only import/encrypt to/verify signatures of key > sizes > > up to 16384 bits large, so you could keep your key sizes less than or > equal > > to that size for compatibility. > > > > https://aur.archlinux.org/packages/gnupg-largekeys > > > > I think gnupg2-large-keys.patch would be a great addition into the Arch > > Core gnupg package, if not in its current form then at least modifying it > > to increase the max key size to 16384 instead of 65535. For some > > interesting numbers, take a look at > > http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2, > see > > 15424 bit RSA keys). Basically, it'd be nice for users to be able to > > create keys larger than 4096 bits. > > > > Cheers, > > Ido >
