[aur-general] Fwd: gnupg-largekeys in AUR
Hi, I've added gnupg-largekeys, which is the gnupg from Core, but patched to extend the maximum key size to 65535 bits. Please note that unpatched versions of gnupg can only import/encrypt to/verify signatures of key sizes up to 16384 bits large, so you could keep your key sizes less than or equal to that size for compatibility.
https://aur.archlinux.org/packages/gnupg-largekeys
I think gnupg2-large-keys.patch would be a great addition into the Arch Core gnupg package, if not in its current form then at least modifying it to increase the max key size to 16384 instead of 65535. For some interesting numbers, take a look at http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2, see 15424 bit RSA keys). Basically, it'd be nice for users to be able to create keys larger than 4096 bits.
Cheers, Ido
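
An added example, not part of the original message or of the gnupg-largekeys package: a shell function that sorts the RSA keys in a `gpg --with-colons` listing by the two limits named in this thread (4096 bits for key generation, 16384 bits for import/encrypt/verify by unpatched gnupg). The sample listing and its key IDs are constructed; the function name and class labels are assumptions of this example.

```shell
#!/bin/sh
# Classify RSA keys by size using GnuPG's colon-delimited listing:
# field 1 = record type, field 3 = key length in bits,
# field 4 = public-key algorithm id (1 = RSA), field 5 = key ID.

GEN_MAX=4096      # largest size stock gpg lets users create, per the thread
COMPAT_MAX=16384  # largest size unpatched gpg can import/verify, per the thread

classify_keys() {
    # Reads a --with-colons listing on stdin; prints "<keyid> <bits> <class>".
    awk -F: -v gen="$GEN_MAX" -v compat="$COMPAT_MAX" '
        ($1 == "pub" || $1 == "sub") && $4 == 1 {
            bits = $3 + 0
            if (bits > compat)   cls = "INCOMPATIBLE"  # only a patched gpg can use it
            else if (bits > gen) cls = "LARGE"         # usable, but not creatable with stock gpg
            else                 cls = "OK"
            print $5, bits, cls
        }'
}

# Constructed sample listing (not real keys). The last record is DSA
# (algorithm 17) and is skipped, because the limits discussed are for RSA.
SAMPLE='pub:u:4096:1:AAAAAAAAAAAAAAAA:1385596800:::u:::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1385596800::::::e:
pub:-:15424:1:CCCCCCCCCCCCCCCC:1385596800:::-:::scESC:
pub:-:65535:1:DDDDDDDDDDDDDDDD:1385596800:::-:::scESC:
pub:-:2048:17:EEEEEEEEEEEEEEEE:1385596800:::-:::scESC:'

printf '%s\n' "$SAMPLE" | classify_keys
# Against a real keyring: gpg --list-keys --with-colons | classify_keys
```
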
What's the outcome on this? I'm interested in large keys in default gnupg.
That said, is there a reason why the patch isn't upstream yet?
J. Leclanche

On Mon, Nov 4, 2013 at 3:12 AM, Ido Rosen <ido@kernel.org> wrote:
> Hi, I've added gnupg-largekeys, which is the gnupg from Core, but patched to extend the maximum key size to 65535 bits. Please note that unpatched versions of gnupg can only import/encrypt to/verify signatures of key sizes up to 16384 bits large, so you could keep your key sizes less than or equal to that size for compatibility.
> https://aur.archlinux.org/packages/gnupg-largekeys
> I think gnupg2-large-keys.patch would be a great addition into the Arch Core gnupg package, if not in its current form then at least modifying it to increase the max key size to 16384 instead of 65535. For some interesting numbers, take a look at http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2, see 15424 bit RSA keys). Basically, it'd be nice for users to be able to create keys larger than 4096 bits.
> Cheers, Ido
On Thu, Nov 28, 2013 at 10:49 AM, Jerome Leclanche <adys.wh@gmail.com> wrote:
> What's the outcome on this? I'm interested in large keys in default gnupg.
> That said, is there a reason why the patch isn't upstream yet? J. Leclanche

It was rejected upstream previously a few times.
If we want it, it has to be a patch on upstream in our gpg version. I believe the reasoning that allowing larger key sizes is a performance issue for mobile does not really apply here.
Even gpg 2.1. dev is still limited to 4096: Line 1943, max=4096: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=...
Ido
On Thu, Nov 28, 2013 at 5:48 PM, Ido Rosen <ido@kernel.org> wrote:
> It was rejected upstream previously a few times.
> If we want it, it has to be a patch on upstream in our gpg version. I believe the reasoning that allowing larger key sizes is a performance issue for mobile does not really apply here.

That sounds like the kind of perfect use case for a compile-time option.
J. Leclanche
On Thu, Nov 28, 2013 at 2:04 PM, Jerome Leclanche <adys.wh@gmail.com> wrote:
> That sounds like the kind of perfect use case for a compile-time option.
> J. Leclanche

If you mean an upstream compile-time option (i.e. not in the PKGBUILD), I agree wholeheartedly. Now all we have to do is convince Werner Koch, which means emailing gnupg-users/gnupg-devel, or submitting a bug report with a patch (and a copyright assignment).
Closed bugs related to this are:
https://bugs.g10code.com/gnupg/issue1441
https://bugs.g10code.com/gnupg/issue1460
FWIW, the pattern in upstream seems to be that anyone who suggests a larger max key size gets told no for a few years, and then it happens anyway. That is, if you can call 2 data points (2048, then 4096) a pattern...
Patch submitted. I hope it gets accepted... :-/
https://bugs.g10code.com/gnupg/issue1573

On Thu, Nov 28, 2013 at 3:09 PM, Ido Rosen <ido@kernel.org> wrote:
> If you mean an upstream compile-time option (i.e. not in the PKGBUILD), I agree wholeheartedly. Now all we have to do is convince Werner Koch, which means emailing gnupg-users/gnupg-devel, or submitting a bug report with a patch (and a copyright assignment).
> Closed bugs related to this are:
> https://bugs.g10code.com/gnupg/issue1441
> https://bugs.g10code.com/gnupg/issue1460
> FWIW, the pattern in upstream seems to be that anyone who suggests a larger max key size gets told no for a few years, and then it happens anyway. That is, if you can call 2 data points (2048, then 4096) a pattern...
participants (2)
- Ido Rosen
- Jerome Leclanche