1024 key with large sub key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Oct 2 20:39:39 CEST 2017
On Mon 2017-10-02 10:46:48 -0400, Robert J. Hansen wrote:
>> In batch mode it can go higher.
>
> I was about to disagree with you when I discovered the
> --enable-large-rsa flag.
>
> When did this get introduced? Why? What possible use case is there for
> this?

It was introduced in 2014 in git commit
534e2876acc05f9f8d9b54c18511fe768d77dfb5 on STABLE-BRANCH-1-4, which was
subsequently ported to master.

See also https://bugs.debian.org/739424 and https://dev.gnupg.org/T1732

Here's the commit log:

commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Fri Oct 3 12:01:11 2014 -0400

    gpg: Add build and runtime support for larger RSA keys

    * configure.ac: Added --enable-large-secmem option.
    * g10/options.h: Add opt.flags.large_rsa.
    * g10/gpg.c: Contingent on configure option: adjust secmem size,
    add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
    * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
    * doc/gpg.texi: Document --enable-large-rsa.

    --

    Some older implementations built and used RSA keys up to 16Kib, but
    the larger secret keys now fail when used by more recent GnuPG, due to
    secure memory limitations.

    Building with ./configure --enable-large-secmem will make gpg
    capable of working with those secret keys, as well as permitting the
    use of a new gpg option --enable-large-rsa, which let gpg generate RSA
    keys up to 8Kib when used with --batch --gen-key.

    Debian-bug-id: 739424

    Minor edits by wk.

    GnuPG-bug-id: 1732

Regards,
--dkg
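
Added example, not part of the original message and not GnuPG code: a small audit of `gpg --with-colons --list-keys` output that flags RSA subkeys larger than their primary key (the case in this thread's subject) and RSA keys above the sizes the commit log mentions. The 4096-bit limit without --enable-large-rsa is an assumption not stated in the message, and the finding labels and sample listing are constructed for illustration.

```python
# Added example (not GnuPG code). Audits `gpg --with-colons --list-keys` output.
STANDARD_MAX_RSA_BITS = 4096  # assumption: generation limit without --enable-large-rsa
LARGE_MAX_RSA_BITS = 8192     # from the commit log: limit with --enable-large-rsa
RSA_ALGOS = {"1", "2", "3"}   # OpenPGP public-key algorithm ids for RSA

# Constructed sample listing; key ids, dates and the user id are made up.
SAMPLE_LISTING = """\
pub:u:1024:1:AAAAAAAAAAAAAAAA:1380000000:::u:::scSC:
uid:u::::1380000000::0000::Constructed Example <example@example.invalid>:
sub:u:8192:1:BBBBBBBBBBBBBBBB:1380000000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1500000000:::u:::scESC:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1500000000::::::e:
pub:u:16384:1:EEEEEEEEEEEEEEEE:1300000000:::u:::scESC:
"""


def audit_key_sizes(colon_listing):
    """Return (keyid, finding) tuples for RSA keys with unusual sizes."""
    findings = []
    primary_bits = None  # size of the most recent RSA primary key, if any
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("pub", "sec", "sub", "ssb"):
            continue  # uid, fpr and other record types carry no key length
        rec, length, algo, keyid = fields[0], fields[2], fields[3], fields[4]
        if rec in ("pub", "sec"):
            primary_bits = None  # a new key block starts here
        if algo not in RSA_ALGOS or not length.isdigit():
            continue  # only RSA sizes are comparable against these limits
        bits = int(length)
        if rec in ("pub", "sec"):
            primary_bits = bits
        elif primary_bits is not None and bits > primary_bits:
            findings.append((keyid, "subkey-larger-than-primary"))
        if bits > LARGE_MAX_RSA_BITS:
            # beyond what gpg generates; secret key use may need large secmem
            findings.append((keyid, "needs-large-secmem-build"))
        elif bits > STANDARD_MAX_RSA_BITS:
            findings.append((keyid, "needs-enable-large-rsa"))
    return findings


if __name__ == "__main__":
    for keyid, finding in audit_key_sizes(SAMPLE_LISTING):
        print(keyid, finding)
```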