Series of minor questions about OpenPGP 5

Peter Thomas p4.thomas at googlemail.com
Thu Jan 29 17:33:11 CET 2009


One more thing

On Wed, Jan 28, 2009 at 5:10 PM, Werner Koch <wk at gnupg.org> wrote:
>> It seems that it's quite easy to disable this limit in the gnupg
>> source, all I have to do is set max=something in keygen.c, correct?
> No, there is some limit in the RNG too.
I've grep'ed through the sources and there are many other locations
with hardcoded 4096 e.g. the following excerpt:

configure:  --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
configure:  enableval=4096
configure:   enableval=4096
configure:       pgsize = 4096;
configure:    pool = malloc( 4096 + pgsize );
configure:    err = mlock( pool, 4096 );
configure.ac:	AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache
to SIZE (default 4096)]),,enableval=4096)
configure.ac:   enableval=4096
doc/samplekeys.asc:  pub   4096R/99242560 2002-01-28
g10/app-openpgp.c:      max_length = 4096;
g10/parse-packet.c:    if (pktlen > 4096)
g10/apdu.c:      size_t bufsize = 4096;
g10/apdu.c:                      bufsize += resultlen > 4096? resultlen: 4096;
g10/apdu.c:      size_t bufsize = 4096;
g10/apdu.c:                      bufsize += resultlen > 4096? resultlen: 4096;
g10/status.c:    if ( requested_shm_size > 2 * 4096 )
g10/status.c:    shm_size = 4096 /* one page for us */ + requested_shm_size;
g10/ChangeLog:	(ask_keysize): Only allow keysizes up to 4096
g10/sign.c:        byte copy_buffer[4096];
g10/sign.c:        while ((bytes_copied = iobuf_read(inp, copy_buffer,
4096)) != -1)
g10/sign.c:        wipememory(copy_buffer,4096); /* burn buffer */
g10/encode.c:	byte copy_buffer[4096];
g10/encode.c:	while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
g10/encode.c:	wipememory(copy_buffer, 4096); /* burn buffer */
g10/encode.c:	byte copy_buffer[4096];
g10/encode.c:	while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
g10/encode.c:	wipememory(copy_buffer, 4096); /* burn buffer */


Do any of these have to do with key generation or usage? I mean, if I
just change that max= setting in keygen.c, will everything be fine and
will it produce fully valid secure keys, or do I have to look at other
locations, too?

Cheers,
Peter

btw: I've already tried to create a 65563 bit RSA key, but it took me
too long and my notebook ran out of battery *lol*


