riseup.net OpenPGP Best Practices article

Werner Koch wk at gnupg.org
Wed Jun 25 08:25:36 CEST 2014


On Tue, 24 Jun 2014 21:35, johanw at vulcan.xs4all.nl said:

> Finally upgrade that 286 to DOS > 3.0? If you have a system that can't
> handle 4k keys you have very specific needs. Sending a lot of messages

This misunderstanding is actually an indication of the problem.  You are
talking 4096 vs. 2048 while the more important case is to read the
security announcements and update your gpg.

Over the last two days I released 1.4.17 and 2.0.24 just to fix a simple
regression introduced 15 years ago: Create an OpenPGP packet from these
bytes: a3 01 5b ff.  Put it into an ASCII armor and send it by mail.
The MUA will lock up while trying to decrypt it.  This is a naked
compressed data packet, you may need to embed it into a regular
encrypted packet.

I wonder why the keysize triggers bikeshedding discussions in all
security groups.  After all the majority of us (including me) does not have
the education and experience to select the color (i.e. crypto math) on
their own.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
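
Added example, not part of the original message and not GnuPG code: a small decoder for OpenPGP packet headers (RFC 4880, section 4.2), applied to the four bytes quoted above to show why the message calls them a naked compressed data packet. The function name `parse_packet_header` and the returned field names are assumptions made for this illustration.

```python
# Added example: decode an OpenPGP packet header (RFC 4880, section 4.2).
COMPRESSION = {0: "uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZip2"}
SAMPLE = bytes.fromhex("a3015bff")  # the bytes quoted in the message


def parse_packet_header(data: bytes) -> dict:
    """Return tag, header format, body length (None if not given up front) and body."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet: bit 7 of the first octet is clear")

    def need(n: int) -> None:
        if len(data) < n:
            raise ValueError("truncated packet header")

    ctb = data[0]
    if ctb & 0x40:                       # new-format header
        need(2)
        tag, first = ctb & 0x3F, data[1]
        if first < 192:                  # one-octet length
            hdr, length = 2, first
        elif first < 224:                # two-octet length
            need(3)
            hdr, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:               # five-octet length
            need(6)
            hdr, length = 6, int.from_bytes(data[2:6], "big")
        else:                            # partial body length: total not known here
            hdr, length = 2, None
    else:                                # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:                   # indeterminate length: body runs to end of input
            hdr, length = 1, None
        else:
            n = 1 << ltype               # 1, 2 or 4 length octets
            need(1 + n)
            hdr, length = 1 + n, int.from_bytes(data[1:1 + n], "big")

    info = {"tag": tag, "new_format": bool(ctb & 0x40),
            "length": length, "body": data[hdr:]}
    if tag == 8 and info["body"]:        # tag 8 = Compressed Data Packet
        info["compression"] = COMPRESSION.get(info["body"][0], "unknown")
    return info


if __name__ == "__main__":
    print(parse_packet_header(SAMPLE))
```

For the quoted bytes this reports an old-format header with tag 8, indeterminate length and algorithm ZIP, leaving `5b ff` as the compressed stream handed to the decompressor.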