Create key's over 4096 bit ????

Aleksandar Milivojevic alex at
Thu Dec 22 05:12:03 CET 2005

vedaal at wrote:
> 16k rsa keys are very bulky to use,  and provide *very, very, long* 
> signatures  (i tried it out just to see what would happen,;-)  but 
> see no advantage,  and have not bothered to make a another key  for 
> security use, after trying the test key    but if you really want 
> to try out of curiosity and then be done with it,  it is compatible 
> with gnupg

My previous message somehow didn't made it to the list.  Anyhow, I can 
only confirm what you wrote.  If you want to play with 16k RSA key, one 
way to do it is to use "openssl genrsa -des3 -out long.key 16384".  You 
can then create self signed certificate to play with.  It takes 
somewhere around 13-14 minutes to generate 16k RSA key on 2.8GHz Pentium 
D.  On slower machine, it can take hours to generate 16k RSA key.  So 
have lots of patience when experimenting.  Very soon you'll realize why 
nobody uses such long keys.  The 4k limit is there for your own 
protection ;-)  If you really have tons of time to waste, openssl will 
allow you to create even longer keys (why not try 262144 bit long key, 
and let us know how long it took to generate).

 From the security standpoint, more bits do not buy you more security. 
Having 16k key or 2k key will buy you about the same security.  It is 
not all in the key lenght.  My opinion is, just use 2k key.  It will 
serve you well.  I generated one 4k key some time ago, and have almost 
never used it.  Looking back, that was really pointless thing to do.

More information about the Gnupg-users mailing list