Refreshing private key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 18 17:49:27 CET 2014
On 12/18/2014 10:24 AM, Robert J. Hansen wrote:
>> My current key is 2048 bits in length and I would like to have
>> something that is closer to 8192 bits in length. Is there a way that
>> I can accomplish this...
>
> Definitely not from GnuPG, and probably not from without it, either.
There are clearly tools that you can use to make larger keys than
4096-bit RSA, e.g. gnutls-bin + monkeysphere:
certtool -p --bits 8192 | pem2openpgp 'Test User <test at example.org>'
(this will produce a binary-formatted OpenPGP key on stdout, so you
probably want to send it to a file or something)
but I don't recommend trying to do this, because these larger RSA keys
are expensive to use compared to the marginal extra security, and their
signatures are large.
I recommend sticking with 4096-bit RSA for now; for stronger keys you'll
eventually want to move to a large ECC key (though the choices we have
at the moment for ECC have some shadow of suspicion over them).
> Further, you cannot change the length of the primary subkey on a
> certificate.
"primary subkey" doesn't make much sense. I'm pretty sure Robert means
"primary key".
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141218/12dbf780/attachment.sig>
More information about the Gnupg-users
mailing list