1024-3072 bit OpenPGP cards

David Shaw dshaw at jabberwocky.com
Mon Jul 20 19:57:43 CEST 2009

On Jul 18, 2009, at 5:54 AM, Philipp Schafft wrote:

> reflum,
> On Fri, 2009-07-17 at 11:26 +0200, Werner Koch wrote:
>> 2) Always ask for the key size and use as default the current size.
>>    Show a warning notice if the user entered a different size.
>> 3) Same as 2 but do this only with --expert.
>> 4) Add a new command "keysize" to manually set the keysize for each
>>    key.  Print a warning notice before key generation if the key  
>> sizes
>>    of the card are not all the same and tell the user about the  
>> keysize
>>    command.
> I vote for 3+4:
> while using --expert you get asked every time, this is good for  
> experts
> as they know the problems. But as --expert is normaly the wrong  
> way^(TM)
> there need to be a better way to set it, even without --expert. This  
> may
> be done by a additioal command (btw. I would use something including
> 'card' in the command name).

My problem with a "keysize" command (#4) is that it makes key  
generation into two steps.  First the user must run "keysize", and set  
the size they want (and if the size isn't supported, they will get an  
error).  Then they must generate the key.

#2 just combines the "keysize" and "generate" functions into a single  
command, as people are used to from regular key generation.


More information about the Gnupg-devel mailing list