RSA key size restriction?

David Shaw dshaw at
Thu Dec 11 15:13:33 CET 2003

On Thu, Dec 11, 2003 at 09:59:36PM +0200, torduninja at wrote:

> | Remember that hiding it behind --expert (and a "Don't do this!"
> | message) still didn't stop people from generating Elgamal
> | sign+encrypt keys.
> |
> Hmm. I wonder how many of those keys were actually generated by GnuPG
> and how many were made by certain hacked versions of PGP. And for
> those created with GnuPG, the following remark in the Readme file
> might have played a role:
> ~  "Please note that the GnuPG implementation of ElGamal signatures is
>       *not* insecure."

Yes, but before the key was generated, they had to agree to:

  The use of this algorithm is only supported by GnuPG.  You will not
  be able to use this key to communicate with PGP users.  This
  algorithm is also very slow, and may not be as secure as the other
  choices.  Create anyway?

The README reflected the belief that the implementation was secure.
The warning reflected the belief that despite being believed secure,
it was not a good idea. ;)

> | Again, if someone generates such a key, GnuPG will work with it.  I
> | still don't see the need to make it easy to generate them though,
> | especially given that if someone wanted it badly enough, they can
> | remove the line of code that prevents it themselves.
> |
> Which line?

Search for "keysize too large" in g10/keygen.c


More information about the Gnupg-users mailing list