does gpg cope with very large key sizes

Philippe Cerfon philcerf at googlemail.com
Thu Sep 10 13:40:40 CEST 2009


Hi David.


On Thu, Sep 10, 2009 at 5:09 AM, David Shaw <dshaw at jabberwocky.com> wrote:
>> So I grepped the sources (for both version 1.x and 2.x) and found that the limit is enforced here:
>> g10/keygen.c:  unsigned nbits, min, def=2048, max=4096;
> Yes.

Wow,.. I always knew I'd be a gpg-code guru *laughs* ;-)


>> So all I must do is e.g. set max = 65536 or even something higher ;-)
>> Right so far?
> Right, but you may be surprised how long it takes to generate a really massive key.  The key generation code is single-threaded, and generally not optimized for really big keys.

That's just what I want to find out,... ok actually,.. I think the
times required to sign/encrypt with such a key are more interesting,..
but creation time is somewhat interesting, too.


> You should be okay with changing the ones in keygen.c.

>> - Or is everything ok,.. and there's just this max=something in g10/keygen.c where you save users from shooting themselves in the foot by creating too large keys but nothing else?
> Pretty much true if your goal is to just do performance testing with different sizes.  I certainly wouldn't actually use such a key in the real world, though.

Pretty much? What do you mean by that? The time/performance issues?
Out of curiosity: As far as I know the suggested key sizes will always
rather rise, right (except one moves perhaps away from RSA, but are
there any alternatives other than DSA?)? So maybe in 20 or 30 years 32k bit
keys will be necessary,... would be bad if those keys weren't usable
in the real world :-/


Cheers,
Philippe.
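
On the sign/decrypt timing question raised above, an added example (not part of the original message and not GnuPG code) that times the modular exponentiation behind an RSA private-key operation at several modulus sizes, with and without the CRT split. Random odd integers stand in for real key material, which is an assumption: the cost depends on operand size, and key generation time (the prime search) is not measured.

```python
import secrets
import time


def random_odd(bits):
    """Constructed stand-in for a modulus or exponent: random odd integer, top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(bits, repeats=3):
    """Best-of-N seconds for one full-size modular exponentiation at this size."""
    n = random_odd(bits)
    d = random_odd(bits)          # private exponents are about as long as the modulus
    m = secrets.randbelow(n)      # constructed message representative
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - start)
    return best


def private_op_costs(sizes=(1024, 2048, 4096, 8192)):
    """Map key size in bits -> (plain private-op seconds, CRT estimate in seconds)."""
    results = {}
    for bits in sizes:
        plain = time_modexp(bits)
        # CRT replaces one full-size exponentiation with two half-size ones.
        crt = 2 * time_modexp(bits // 2)
        results[bits] = (plain, crt)
    return results


if __name__ == "__main__":
    for bits, (plain, crt) in private_op_costs().items():
        print(f"{bits:6d} bits   plain {plain * 1000:9.2f} ms   CRT ~{crt * 1000:9.2f} ms")
```

Each doubling of the modulus size multiplies the private-operation time several times over, so extending the size tuple shows how quickly signing cost grows for the sizes discussed in this thread.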


