RSA key size restriction?

David Shaw dshaw at jabberwocky.com
Fri Dec 12 14:27:38 CET 2003


On Fri, Dec 12, 2003 at 09:15:08PM +0200, Maxine Brandt wrote:
> David Shaw wrote:
> 
> 
> |> | Again, if someone generates such a key, GnuPG will work with it.  
> I
> |> | still don't see the need to make it easy to generate them though,
> |> | especially given that if someone wanted it badly enough, they can
> |> | remove the line of code that prevents it themselves.
> |> |
> |> Which line?
> 
> 
> | Search for "keysize too large" in g10/keygen.c
> 
> Thanks, David. That should be good enough for those of us who want to 
> generate oversize keys for some reason.
> 
> Actually, I agree with the criticism of these large keys, but I have a 
> correspondent who refuses all encrypted communication with keys 
> smaller than 7680 bits. Paranoia or eccentricity - I'm not sure. I 
> have a large RSA v4 key created with a hacked PGP version, but I'm not 
> happy with it because it has a v3 signature on the subkey, which 
> doesn't seem too reglo for my taste.

V3 subkey signatures are legal, but certainly a bit odd.

Out of curiosity, do you know how or why your correspondent came up
with 7680 bits in particular?

David



More information about the Gnupg-users mailing list