The key size warning

David Shaw dshaw at
Wed Mar 27 01:15:02 CET 2002

On Tue, Mar 26, 2002 at 06:31:41PM -0500, Michael Young wrote:

> > From: "Robert J. Hansen" <rjhansen at>
> > 
> > 768-bit keys should, IMO, flag a warning about "This key is far below
> > the recommended keysize".  But that's it.
> I agree.  If I *really* want a smaller key, despite the warning,
> why should it be GnuPG's job to prevent me?  I can buy the
> argument that some programs should protect the incurably stupid,
> but GnuPG is just chock-full of options that can be horribly misused
> already.  A protectionist policy seems out of place.

I agree that if a user wants to do something stupid, they should be
allowed to (with appropriate warnings).  Still, it's in the OpenPGP
spec that applications shouldn't generate keys smaller than 768 bits.
It's a SHOULD, and not a MUST, but it's there.

I'd say disallow it unless the user sets the --expert flag.  By
setting that, the user is swearing they won't blame GnuPG for not
protecting them :)


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list