FAQ: Re: key length

Robert J. Hansen rjh at sixdemonbag.org
Sun Aug 3 03:47:40 CEST 2014

> This makes me curious: Is there an example for an OpenPGP
> implementation that only support <= 2048-bit RSA keys? Still in
> usage?

Yes.  My smartcard, for instance, only supports 2048-bit RSA.  Larger
keys can't be migrated to them.

> I haven't read the ENISA recommendation in full length. If they
> allow 2048 bit for old applications or up to a specific point, it
> would be an improvement to say so. It may make sense to directly link
> to their recommendation paper.

I'll see about digging up a specific reference.

> You may consider using a different word here. As someone who speaks
> English as a foreign language, I had to look "imminently" up to be
> sure about its meaning.

Easy enough to accommodate.  :)

> Wasn't there something about the current OpenPGP smartcards only
> being able to deal with 3072-bit keys?

Some can support 3072-bit RSA.  Many can only do RSA-2048.

> I recommend to leave out the next question and answer, it does not
> add much significant information.

Eh.  I think it has a point, but I can definitely work on making that
point more clear.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20140802/c7025336/attachment.bin>

More information about the Gnupg-devel mailing list