Maximum keypair length...

Konstantin Ryabitsev konstantin at linuxfoundation.org
Fri May 1 18:01:40 CEST 2020


On Thu, Apr 30, 2020 at 11:07:11PM -0400, Barry Smith via Gnupg-users wrote:
> Let me continue by explaining some back up information for my 
> question.
> - I am asking in terms of the latest standards implemented in distros and
> Windows .exe auto-install packages.
> - I am trying to create a group calendar file and app for a private group.
> - Original concept for my project -- use an annual calendar file that has
> December (year minus 1) to January (year plus 1), so 14 months of days. I
> want one keypair per day for the group.

I'm not sure what kind of risk scenario you're working against, but this 
sounds extreme and will probably have all sorts of usability corner 
cases.

> SO, users, help!
> I need to know the absolute longest key that GnuPG can create RIGHT 
> NOW.

It depends on the algorithm. RSA keys have the default maximum length of 
8192 set at compile-time. Elliptic Curve cryptography requires much 
shorter keys, so maximums will be different there.

In general, the length of the key is only part of the picture when we're 
talking about encryption "strength." Many cryptographers consider RSA 
keys longer than 2048 bits to be a "feel-good security theatre", because 
classical computers are not likely to be able to successfully break 
2048-bit keys in the foreseeable future, even given state-level funding.  
If/once we get to the point where quantum computers are powerful enough 
to defeat 2048-bit RSA, then we should consider all classical public-key 
crypto irreversibly compromised (RSA, DSA, ECC, etc) -- longer keypair 
lengths will merely buy a bit of time before failing to cryptanalysis.

So, if you want decent modern-day encryption, use 256-bit ECC keys and 
don't worry about key lengths longer than 256 (or 4096 for RSA).

-K


