RSA 1024 ridiculous / RSA 8192 sublime, and, possible with gnupg.

David Shaw dshaw at
Sun Jun 17 23:38:49 CEST 2007

On Sun, Jun 17, 2007 at 02:24:22PM -0500, Newton Hammet wrote:

> I did this before in gnupg-1.2.1 (Check the mailing list archives)
> but it was a different change... I think, to a header file. (I don't
> have or can no longer find the detritus from that excursion) I was
> much more energetic then testing, signing, encrypting, and decrypting
> with a 8192-bit RSA key.
> The real rub will be to see if it behaves well with unaltered (for
> 8192 key generation) gnupg-1.4.7) for encrypting, signing, decrypting,
> etc., but I suspect it will be copacetic with unaltered official
> gnupg-1.4.7. (Werner Koch and the gang are pretty thorough with this
> code, it is high quality stuff)

There is no magic "stop working if the key is > 4096 bits" in the RSA
code.  The math doesn't work that way, anyway.  The limit in GnuPG is
artificial, but carefully considered to balance multiple factors like
performance, and perhaps most crucially, interoperability with other
OpenPGP implementations.

Every year someone (re)patches GnuPG to raise the key size limit for
RSA.  This is followed by a flurry of messages until people see just
how inconvenient a giant RSA signature is and then move on.

This year is slightly different in that I'm waiting for someone to
discover they can also raise the key size limit for DSA.  That, at
least, is marginally less strange as I put in code to make the hash
size automatically rise as the key size rises.  Using SHA-1 with a
8192-bit RSA key is... odd.


More information about the Gnupg-users mailing list