increase the default RSA key size to 3072 bits

Daniel Kahn Gillmor dkg at
Fri Apr 19 15:50:13 CEST 2019

On Thu 2019-04-18 09:21:48 +0200, ilf wrote:
> OpenSSH 8.0 was released yesterday, one change being:
>> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
>>   following NIST Special Publication 800-57's guidance for a
>>   128-bit equivalent symmetric security level.
> This points to 
> GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and 
> Debian-based distros) ship with 3072 as default.
> I would be in favor of following OpenSSH and increasing the default RSA 
> key size to 3072 bits.

GnuPG master already defaults RSA keys to 3072 bits, and debian has been
shipping this as the default in unstable since September 2017 (version
2.2.0-2), and in stable itself since October 2018 (version
2.1.18-8~deb9u3).  I've heard no complaints about it.

the modern version of gpgsm has shipped upstream with 3072-bit RSA
defaults since 2.2.14 (2019-03-19).

So the only holdout and 2048-bit RSA is the modern version of gpg

I agree that it makes sense to do this on the 2.2 branch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list