Some people say longer keys are silly. I think they should be supported by gpg.

Benjamin Donnachie benjamin at
Mon May 28 18:27:33 CEST 2012

On 22 May 2012 09:58, <tim.kachao at> wrote:

> I think it should be okay to dredge up this topic every couple years.  From
> what I am reading, links below,  I do not feel comfortable with the key
> length and algorithmic security offered by GPG's defaults.

Use this patch to increase the maximum keysize in gpg2 to 8192 when using
the --expert option - intended for v2.0.17 but should be good for later
versions too.

--- g10/keygen.c        2011-01-15 16:32:30.000000000 +0000
+++ g10/keygen.c        2011-01-15 16:32:42.000000000 +0000
@@ -1774,7 +1774,7 @@
 static unsigned
 ask_keysize (int algo, unsigned int primary_keysize)
-  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192;
   int for_subkey = !!primary_keysize;
   int autocomp = 0;
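
Review bot: The new max=8192 sits in the initializer of ask_keysize, so it applies to every call, whatever algo is and whether or not --expert was given; nothing in these lines ties the higher limit to the expert option that the message describes. Keep max=4096 as the default and raise it to 8192 only behind a check of the expert flag, and only for the algorithms meant to accept it, since algo is passed in but not consulted in the lines shown. The hunk header also counts 7 lines while 6 are shown (the function's opening brace is absent), so the patch may not apply as pasted.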


Allow the user to do certain nonsensical or "silly" things like signing an
expired or revoked key, or certain potentially incompatible things like
generating unusual key types. This also disables certain warning messages
about potentially incompatible actions. As the name implies, this option is
for experts only. If you don't fully understand the implications of what it
allows you to do, leave this off. --no-expert disables this option.

It's generally accepted that a big key is a "silly thing" so seems perfect
for inclusion in the expert option.
