OpenPGP card decryption with 4096bit keys bugfix??

Robert J. Hansen rjh at
Wed Dec 26 14:22:44 CET 2012

On 12/26/2012 2:42 AM, Josef Schneider wrote:
> first thing: I am not subscribed to this list, so please CC me in replies.

You will have better luck if you join the list.  I can almost guarantee
you that somewhere in this thread someone will have useful thoughts to
contribute and they will not remember to cc you.

> I recently bought a OpenPGP smart card and want to use 4096bit keys and
> Windows.
> This doesn't work for decrypting with any released gpg version!

The easiest way to fix your problem is to consider whether 3072-bit
crypto is sufficient for your purposes.  It almost certainly is.

4096-bit crypto does not give you very much of an edge over 3072-bit
crypto.  Per NIST:

	Asymmetric size		Equivalent symmetric size
	1024 bits		80 bits
	2048 bits		112 bits
	3072 bits		128 bits
	4096 bits		--------

NIST doesn't even give an estimate for 4096-bit keys.  My suspicion is
they would come in around 134 bits or so, but that's just a hunch.

This makes 4kbit keys the "odd man out."  If 128-bit crypto is
sufficient for your purposes (and it's sufficient for virtually all
purposes!), then a 3072-bit key is also sufficient.  If you're in one of
the rare niches where 256-bit crypto is necessary then you've got two
choices: use a 15,000-bit RSA key or else switch to elliptical-curve

Either way, there are very few cases where RSA-4096 is necessary.  (I've
personally never seen or heard of one, but I'm not going to claim they
don't exist at all.)

More information about the Gnupg-users mailing list