[aur-general] Fwd: gnupg-largekeys in AUR
adys.wh at gmail.com
Thu Nov 28 14:04:40 EST 2013
On Thu, Nov 28, 2013 at 5:48 PM, Ido Rosen <ido at kernel.org> wrote:
> On Thu, Nov 28, 2013 at 10:49 AM, Jerome Leclanche <adys.wh at gmail.com>wrote:
>> What's the outcome on this? I'm interested in large keys in default gnupg.
>> That said, is there a reason why the patch isnt upstream yet?
>> J. Leclanche
> It was rejected upstream previously a few times.
> If we want it, it has to be a patch on upstream in our gpg version. I
> believe the reasoning that allowing larger key sizes are a performance
> issue for mobile does not really apply here.
That sounds like the kind of perfect use case for a compile-time option.
> Even gpg 2.1. dev is still limited to 4096:
> Line 1943, max=4096:
>> On Mon, Nov 4, 2013 at 3:12 AM, Ido Rosen <ido at kernel.org> wrote:
>> > Hi,
>> > I've added gnupg-largekeys, which is the gnupg from Core, but patched
>> > extend the maximum key size to 65535 bits. Please note that unpatched
>> > versions of gnupg can only import/encrypt to/verify signatures of key
>> > up to 16384 bits large, so you could keep your key sizes less than or
>> > to that size for compatibility.
>> > https://aur.archlinux.org/packages/gnupg-largekeys
>> > I think gnupg2-large-keys.patch would be a great addition into the Arch
>> > Core gnupg package, if not in its current form then at least modifying it
>> > to increase the max key size to 16384 instead of 65535. For some
>> > interesting numbers, take a look at
>> > http://www.ecrypt.eu.org/documents/D.SPA.20.pdf (especially Table 7.2,
>> > 15424 bit RSA keys). Basically, it'd be nice for users to be able to
>> > create keys larger than 4096 bits.
>> > Cheers,
>> > Ido
More information about the aur-general