On Sun, 2007-06-17 at 12:58 -0400, David Shaw wrote:
> >> >>> Lots of other stuff, not top-posted here.
> GnuPG supports RSA keys much larger than 4096 bits.  It does not,
> however, currently allow generation of such keys, so the keys must
> come from elsewhere.
>
> > Isn't it more useful to switch to ECC instead of using keys that large?
>
> For many cases, yes.  However, ECC is not yet defined for OpenPGP.
> Until that happens, there won't be official support for it in GnuPG.
> Note, though, there is an ECC version of GnuPG out there if you want to
> try it.
>
> David
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

To coax bigger RSA keys out of gnupg-1.4.7 you have to download and
recompile the source, but with one change in the following file:

gnupg-1.4.7/g10/keygen.c

Here is diff -r output, 2 source trees, one source tree containing the
single difference:

[EMAIL PROTECTED]:~/gpg_test_8192> diff -r * 2>&1|grep -v 'Only in'
diff -r gnupg-1.4.7/g10/keygen.c gnupg_1.4.7x/g10/keygen.c
1528a1529
> max=8192;

In more detail it's the following case stanza:

    case PUBKEY_ALGO_RSA:
      min=1024;
      max=8192; /* Line of code to allow 8192 key generation.*/
      break;

It is the case stanza in the first switch statement in the function:
ask_keysize(int algo) in the file g10/keygen.c

I can successfully generate an 8192-key (in under 10 minutes).
If I get around to it, I will test this key for signing, maybe generate
an 8192-bit RSA sub-key and test that, too.

I did this before in gnupg-1.2.1 (Check the mailing list archives) but
it was a different change... I think, to a header file. (I don't have
or can no longer find the detritus from that excursion.) I was much more
energetic then, testing, signing, encrypting, and decrypting with an
8192-bit RSA key.

The real rub will be to see if it behaves well with unaltered (for 8192
key generation) gnupg-1.4.7 for encrypting, signing, decrypting, etc.,
but I suspect it will be copacetic with unaltered official gnupg-1.4.7.
(Werner Koch and the gang are pretty thorough with this code, it is high
quality stuff.)

Regards,

Newton

-- 
Public Key: 4096R/136FC036 2004-02-09 Newton Hammet <[EMAIL PROTECTED]>
Key fingerprint = 785F DFF3 7029 3FBD 45CE 747C 93CA E808 136F C036
Key servers: pgp.mit.edu, others...
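
Review bot: the line added at 1529, `max=8192;`, raises the RSA ceiling in ask_keysize() with a bare literal, and the diff output shows it going into keygen.c without the explanatory comment that the quoted case stanza carries. Keep that comment in the source itself, or use a named constant, so the local deviation from the stock limit is obvious to whoever rebuilds this tree later. The change only widens what the key-size prompt will accept for PUBKEY_ALGO_RSA (min stays at 1024), and the message says interoperability with an unmodified gnupg-1.4.7 is still untested, so a sign/verify and encrypt/decrypt round trip against a stock build should be done before any key generated this way is put into use.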