does gpg cope with very large key sizes

David Shaw dshaw at jabberwocky.com
Fri Sep 11 00:27:34 CEST 2009 

On Sep 10, 2009, at 5:29 PM, Philippe Cerfon wrote:

> When I asked you before,.. I just ment if these oversized keys would
> still be ok and "secure", in a hypothetical scenario, where everything
> else is also perfectly secure (e.g. having a steel door with Superman
> guarding it ;-) )

So far as I know, they should be fine and still secure - just very  
large.  Of course, we don't test beyond 4096 bits, but I don't know of  
any particular gotchas in there for keys beyond 4096.

>> I don't forsee we'll ever end up with keys that large.  They're  
>> just too big
>> to conveniently use.  Rather, we'll switch over to algorithms like  
>> Elliptic
>> Curve
>
> *looked it up*
> Ah,.. interesting...
> So will this "replace" RSA/DSA? Perhaps also with an OpenPGP without
> the strict bindings to SHA1 you mentioned before?
> Is it already working (for gpg)? Or when could one expect this being
> usable for production?

Not very soon.  The first step is to get ECC as an update to the  
OpenPGP spec.  The next step (really concurrent with the first step)  
would be get more than one implementation (GPG, PGP, OpenPGP:SDK, etc)  
to support it and prove interoperability.  Finally there is the rather  
slow ramp-up as people slowly adopt the new ability.  This is the part  
that takes the longest as people don't upgrade very quickly or often,  
there is reluctance to make new keys, etc.

There is currently a proposal for OpenPGP ECC.  See http://brainhub.googlepages.com/pgp

Note that ECC and a no-SHA1 OpenPGP aren't necessarily related.  As  
specified in the draft, ECC ends up being two new algorithm types like  
RSA or DSA.  You could have a (for example) a ECDSA subkey on your RSA  
primary key and so on.  A no-SHA1 OpenPGP is a different sort of  
problem, and pretty much implies a new key packet type, as I see it.

Even in an ideal world, widespread ECC use is years away.  (Which  
doesn't mean we shouldn't start - if we want it used years from now,  
we have to start on it).

If you're interested in ECC, I suggest you check out the ietf-openpgp  
list.  This is where changes to the OpenPGP spec are discussed.  See http://www.imc.org/ietf-openpgp/

David

More information about the Gnupg-devel mailing list