Trying to create auth key on GPF CryptoStick

Nicholas Cole nicholas.cole at
Wed Jan 4 11:21:22 CET 2012

On Wed, Jan 4, 2012 at 9:33 AM, Werner Koch <wk at> wrote:
> On Tue,  3 Jan 2012 21:16, gollo at said:
>> Werner, is that correct? The card you gave me at FSCONS back in 2009
>> states that 3072 Bits is the maximum key size. I use 2048 Bit keys at
> They state 3072 because that is what GnuPG supported at that time; the
> cards supported 4096, though.  Since 2.0.18 GnuPG supports 4096 with
> those cards.
> There is still no reason to use it 2048 is more than sufficient.  IF you
> think you need more, you should ask yourself several questions.  One of
> these questions should be, whether you have checked the chip design and
> the firmware of the card.

Quite frankly, I don't think most people need anything more than a 512
bit key. :-)

But all the same, to be serious, I suppose it is a bit (just a tiny
bit) unsettling that NIST is recommending that everyone move to either
very long keys for really secure data or else to ECC:  (for example)

I know that the request for stupidly, idiotically long key sizes is as
old as PGP itself, but all the same, I suspect that these sorts of
requests will be more and more common until gpg is capable of
supporting the latest "state of the art".  Even then, it won't satisfy
everyone, but at least we'll be able to say "if it's good enough for


More information about the Gnupg-users mailing list