RSA 1024 ridiculous / RSA 8192 sublime, and, possible with gnupg.

Newton Hammet newton at
Sun Jun 17 21:24:22 CEST 2007

On Sun, 2007-06-17 at 12:58 -0400, David Shaw wrote:
> >> >>> Lots of other stuff, not top-posted here.
> GnuPG supports RSA keys much larger than 4096 bits. It does not,
> however, currently allow generation of such keys, so the keys must
> come from elsewhere.
> > Isn't it more useful to switch to ECC instead of using such large keys?
> For many cases, yes. However, ECC is not yet defined for OpenPGP.
> Until that happens, there won't be official support for it in GnuPG.
> Note, though, there is an ECC version of GnuPG out there if you want to
> try it.
> David

To coax bigger RSA keys out of gnupg-1.4.7 you have to download
and recompile the source, but with one change in the following file:


Here is diff -r output, 2 source trees, one source tree containing
the single difference:

nhammet at linux:~/gpg_test_8192> diff -r * 2>&1|grep -v 'Only in'
diff -r gnupg-1.4.7/g10/keygen.c gnupg_1.4.7x/g10/keygen.c
>       max=8192;
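
Review bot: the added `max=8192;` line is shown with no change command and no context lines, so this output alone does not say which `case` label in g10/keygen.c it lands under or what value `max` held before. A unified diff of the two trees (`diff -ru`) would make the placement and the previous limit reviewable. The line as diffed also lacks the explanatory comment quoted further down in the message, so it is worth confirming that the modified tree and the quoted stanza are the same change.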

In more detail it's the following case stanza:

      max=8192;  /* Line of code to allow 8192 key generation.*/

It is the case stanza in the first switch statement in the function:
ask_keysize(int algo)
in the file g10/keygen.c

I can successfully generate an 8192-key (in under 10 minutes). If I
get around to it, I will test this key for signing, maybe generate
an 8192-bit RSA sub-key and test that, too.

I did this before in gnupg-1.2.1 (Check the mailing list archives)
but it was a different change... I think, to a header file. (I don't
have or can no longer find the detritus from that excursion.) I was
much more energetic then, testing, signing, encrypting, and decrypting
with an 8192-bit RSA key.

The real rub will be to see if it behaves well with unaltered (for
8192 key generation) gnupg-1.4.7 for encrypting, signing, decrypting,
etc., but I suspect it will be copacetic with unaltered official
gnupg-1.4.7. (Werner Koch and the gang are pretty thorough with this
code; it is high-quality stuff.)


Public Key: 4096R/136FC036 2004-02-09 Newton Hammet <newton at>
Key fingerprint = 785F DFF3 7029 3FBD 45CE 747C 93CA E808 136F C036
Key servers:, others...
