1024 key with large sub key

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 2 21:04:07 CEST 2017


> see also https://bugs.debian.org/739424 and https://dev.gnupg.org/T1732
> 
> here's the commit log:

Thank you for digging this up.

I'd like to open a discussion about removing this option.

First, I think it was a misfeature from conception.  The justification
was, "Some older implementations built and used [large] RSA keys" --
which is absolutely true -- but there was no justification given to
allowing RSA keys *generated today* to be of that size.  Allowing GnuPG
to import keys of that size might be necessary to give users an upgrade
path; allowing GnuPG to *generate* keys of that size seems unjustified.

Since we are no longer concerned with "older implementations" (which I'm
assuming means "PGP 2.6 and its derivatives"), the original
justification is gone.  And on the downside, keeping this option in
place encourages a kind of cryptofetishism where all that matters is key
length.

Anyone want to point out what I'm missing?  I don't want to sound as if
my mind is made up, but right now it truly seems to me the
--enable-large-rsa option is a misfeature.
