Any way to get smaller key sizes?

David Shaw dshaw at
Wed Sep 28 18:54:06 CEST 2005

On Wed, Sep 28, 2005 at 10:29:40AM -0400, Jason Barrett wrote:

>   Yes, but it's almost impossible to answer this because it's not clear
>   what you're doing.  Are you storing the keys or the results?  1024 bit
>   keys with what algorithm?  The only key type that is locked to 1024
>   bits is DSA and that's a signing algorithm, so encryption never comes
>   into the equation.
> The key that's used for encryption, according to the Handbook, is the
> El-Gamal sub-key that gets created, along with the DSA signing key, when
> you invoke 'gpg --gen-key'.  The concern is over database storage of the
> results, not the keys.  I could store them outside the database, but I'd
> rather not as that adds a level of indirection, additional complexity, and
> another point of failure to the design.  The algorithm is whatever is used
> by 'gpg --encrypt'.

Well, it's a tiny difference in practice, but you can generate small
Elgamal keys by using the --expert flag along with --gen-key.


More information about the Gnupg-users mailing list