does gpg cope with very large key sizes
David Shaw
dshaw at jabberwocky.com
Fri Sep 11 00:27:34 CEST 2009
On Sep 10, 2009, at 5:29 PM, Philippe Cerfon wrote:
> When I asked you before,.. I just ment if these oversized keys would
> still be ok and "secure", in a hypothetical scenario, where everything
> else is also perfectly secure (e.g. having a steel door with Superman
> guarding it ;-) )
So far as I know, they should be fine and still secure - just very
large. Of course, we don't test beyond 4096 bits, but I don't know of
any particular gotchas in there for keys beyond 4096.
>> I don't forsee we'll ever end up with keys that large. They're
>> just too big
>> to conveniently use. Rather, we'll switch over to algorithms like
>> Elliptic
>> Curve
>
> *looked it up*
> Ah,.. interesting...
> So will this "replace" RSA/DSA? Perhaps also with an OpenPGP without
> the strict bindings to SHA1 you mentioned before?
> Is it already working (for gpg)? Or when could one expect this being
> usable for production?
Not very soon. The first step is to get ECC as an update to the
OpenPGP spec. The next step (really concurrent with the first step)
would be get more than one implementation (GPG, PGP, OpenPGP:SDK, etc)
to support it and prove interoperability. Finally there is the rather
slow ramp-up as people slowly adopt the new ability. This is the part
that takes the longest as people don't upgrade very quickly or often,
there is reluctance to make new keys, etc.
There is currently a proposal for OpenPGP ECC. See http://brainhub.googlepages.com/pgp
Note that ECC and a no-SHA1 OpenPGP aren't necessarily related. As
specified in the draft, ECC ends up being two new algorithm types like
RSA or DSA. You could have a (for example) a ECDSA subkey on your RSA
primary key and so on. A no-SHA1 OpenPGP is a different sort of
problem, and pretty much implies a new key packet type, as I see it.
Even in an ideal world, widespread ECC use is years away. (Which
doesn't mean we shouldn't start - if we want it used years from now,
we have to start on it).
If you're interested in ECC, I suggest you check out the ietf-openpgp
list. This is where changes to the OpenPGP spec are discussed. See http://www.imc.org/ietf-openpgp/
David
More information about the Gnupg-devel
mailing list