On Thu, Nov 28, 2013 at 10:49 AM, Jerome Leclanche <adys.wh@gmail.com> wrote:
What's the outcome on this? I'm interested in large keys in default gnupg.
That said, is there a reason why the patch isn't upstream yet?
J. Leclanche
It was rejected upstream previously a few times. If we want it, it has to be a patch on upstream in our gpg version. I believe the reasoning that allowing larger key sizes is a performance issue for mobile does not really apply here. Even gpg 2.1 dev is still limited to 4096: Line 1943, max=4096: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=...
Ido
On Mon, Nov 4, 2013 at 3:12 AM, Ido Rosen <ido@kernel.org> wrote:
Hi, I've added gnupg-largekeys, which is the gnupg from Core, but patched to extend the maximum key size to 65535 bits. Please note that unpatched versions of gnupg can only import/encrypt to/verify signatures of key sizes up to 16384 bits large, so you could keep your key sizes less than or equal to that size for compatibility.
https://aur.archlinux.org/packages/gnupg-largekeys
I think gnupg2-large-keys.patch would be a great addition into the Arch Core gnupg package, if not in its current form then at least modifying it to increase the max key size to 16384 instead of 65535. For some interesting numbers, take a look at http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2, see 15424 bit RSA keys). Basically, it'd be nice for users to be able to create keys larger than 4096 bits.
Cheers, Ido
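
Added example, not part of the thread and not gnupg or AUR package code: a Python sketch that audits a `gpg --list-keys --with-colons` listing against the two sizes named in the messages above (4096 bits as the stock key generation limit, 16384 bits as the largest size unpatched gnupg can import). The sample listing, its key IDs and the category labels are constructed for illustration.

```python
# Thresholds as stated in the thread above (not re-derived from the gnupg source).
GENERATE_MAX = 4096   # stock gnupg refuses to generate larger keys
IMPORT_MAX = 16384    # unpatched gnupg cannot import/encrypt to/verify beyond this
RSA_ALGOS = {"1", "2", "3"}   # OpenPGP public-key algorithm IDs for RSA (RFC 4880)
KEY_RECORDS = {"pub", "sub", "sec", "ssb"}

# Constructed sample of colon-delimited output; key IDs are made up.
SAMPLE = """\
tru::1:1385630000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAA1:1383500000:::u:::scESC:
uid:u::::1383500000::0000::Constructed User <user@example.org>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1383500000::::::e:
pub:u:16384:1:BBBBBBBBBBBBBBB1:1383500000:::u:::scESC:
sub:u:16384:1:BBBBBBBBBBBBBBB2:1383500000::::::e:
pub:u:32768:1:CCCCCCCCCCCCCCC1:1383500000:::u:::scESC:
pub:u:2048:17:DDDDDDDDDDDDDDD1:1383500000:::u:::scESC:
pub:u:bogus:1:EEEEEEEEEEEEEEE1:1383500000:::u:::scESC:
"""

def classify(bits):
    """Map an RSA key length to a compatibility category (labels are hypothetical)."""
    if bits <= GENERATE_MAX:
        return "stock"               # any gnupg can generate and use it
    if bits <= IMPORT_MAX:
        return "over-keygen-limit"   # usable by stock gnupg, needs a patch to generate
    return "patched-only"            # peers on unpatched gnupg cannot use this key

def audit(listing):
    """Return (record, keyid, bits, category) for every RSA key or subkey line."""
    results = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Field 1 = record type, 3 = key length, 4 = algorithm, 5 = key ID.
        if len(fields) < 5 or fields[0] not in KEY_RECORDS:
            continue
        if fields[3] not in RSA_ALGOS:
            continue                 # the size limits in the thread concern RSA
        try:
            bits = int(fields[2])
        except ValueError:
            continue                 # skip malformed length fields
        results.append((fields[0], fields[4], bits, classify(bits)))
    return results

if __name__ == "__main__":
    for record, keyid, bits, category in audit(SAMPLE):
        print(f"{record} {keyid} {bits:>6} bits  {category}")
```

To run it on a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `audit()` in place of `SAMPLE`.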