On Thu, Nov 28, 2013 at 5:48 PM, Ido Rosen <[email protected]> wrote: > On Thu, Nov 28, 2013 at 10:49 AM, Jerome Leclanche <[email protected]>wrote: > >> What's the outcome on this? I'm interested in large keys in default gnupg. >> >> That said, is there a reason why the patch isnt upstream yet? >> J. Leclanche >> >> > It was rejected upstream previously a few times. > > If we want it, it has to be a patch on upstream in our gpg version. I > believe the reasoning that allowing larger key sizes are a performance > issue for mobile does not really apply here.
That sounds like the kind of perfect use case for a compile-time option. J. Leclanche > > Even gpg 2.1. dev is still limited to 4096: > Line 1943, max=4096: > http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=4bb8bbaed4b27a977b3c2b543dafd335acb538df;hb=refs/heads/master#l6 > > Ido > > >> >> On Mon, Nov 4, 2013 at 3:12 AM, Ido Rosen <[email protected]> wrote: >> > Hi, >> > I've added gnupg-largekeys, which is the gnupg from Core, but patched >> to >> > extend the maximum key size to 65535 bits. Please note that unpatched >> > versions of gnupg can only import/encrypt to/verify signatures of key >> sizes >> > up to 16384 bits large, so you could keep your key sizes less than or >> equal >> > to that size for compatibility. >> > >> > https://aur.archlinux.org/packages/gnupg-largekeys >> > >> > I think gnupg2-large-keys.patch would be a great addition into the Arch >> > Core gnupg package, if not in its current form then at least modifying it >> > to increase the max key size to 16384 instead of 65535. For some >> > interesting numbers, take a look at >> > http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2, >> see >> > 15424 bit RSA keys). Basically, it'd be nice for users to be able to >> > create keys larger than 4096 bits. >> > >> > Cheers, >> > Ido >>
