Change limits on pubkey lengths?

David Shaw dshaw at
Tue Mar 18 17:57:59 CET 2008

On Wed, Mar 12, 2008 at 06:08:22PM +0000, Anonymous wrote:
> Since RFC4880 is now including symmetric ciphers with 256 bit key
> lengths like TWOFISH and CAMELLIA, is it time to change the limits in
> gnupg for pubkey sizes? According to some sources (RSA for example) the
> "equivalent" assymetric key size would be 15360 bits compared to a
> symmetric cipher using 256-bit key length. Is it really so bad to set
> the default to something between 2048 and 4096 and the upper limit to
> 16K?

Camellia is not in RFC4880.  It is currently being discussed for its
own RFC, though.  The only 256-bit ciphers in 4880 are Twofish and
AES256, and the default for RSA is already 2048.  We'll accept up to
4096 (and of course accept virtually anything generated elsewhere),
but when you get much past that, things get problematic: RSA 16k is
unbelievably slow, and difficult to work with.  It's just too big.

A better answer is EC cryptography in OpenPGP, which gives you more
security for each bit of space.  As it happens, EC is also being
discussed for its own RFC at the moment.


More information about the Gnupg-users mailing list