[EMAIL PROTECTED] wrote:
16k rsa keys are very bulky to use, and provide *very, very, long* signatures (i tried it out just to see what would happen,;-) but see no advantage, and have not bothered to make a another key for security use, after trying the test key but if you really want to try out of curiosity and then be done with it, it is compatible with gnupg
My previous message somehow didn't made it to the list. Anyhow, I can only confirm what you wrote. If you want to play with 16k RSA key, one way to do it is to use "openssl genrsa -des3 -out long.key 16384". You can then create self signed certificate to play with. It takes somewhere around 13-14 minutes to generate 16k RSA key on 2.8GHz Pentium D. On slower machine, it can take hours to generate 16k RSA key. So have lots of patience when experimenting. Very soon you'll realize why nobody uses such long keys. The 4k limit is there for your own protection ;-) If you really have tons of time to waste, openssl will allow you to create even longer keys (why not try 262144 bit long key, and let us know how long it took to generate).
From the security standpoint, more bits do not buy you more security. Having 16k key or 2k key will buy you about the same security. It is not all in the key lenght. My opinion is, just use 2k key. It will serve you well. I generated one 4k key some time ago, and have almost never used it. Looking back, that was really pointless thing to do.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
