On 22 May 2012 09:58, <tim.kac...@gmail.com> wrote:
> I think it should be okay to dredge up this topic every couple years. From
> what I am reading, links below, I do not feel comfortable with the key
> length and algorithmic security offered by GPG's defaults.
>
Use this patch to increase the maximum keysize in gpg2 to 8192 when using the --expert option - intended for v2.0.17 but should be good for later versions too. --- g10/keygen.c 2011-01-15 16:32:30.000000000 +0000 +++ g10/keygen.c 2011-01-15 16:32:42.000000000 +0000 @@ -1774,7 +1774,7 @@ static unsigned ask_keysize (int algo, unsigned int primary_keysize) { - unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192; int for_subkey = !!primary_keysize; int autocomp = 0; *--expert* Allow the user to do certain nonsensical or "silly" things like signing an expired or revoked key, or certain potentially incompatible things like generating unusual key types. This also disables certain warning messages about potentially incompatible actions. As the name implies, this option is for experts only. If you don't fully understand the implications of what it allows you to do, leave this off. --no-expert disables this option. It's generally accepted that a big key is a "silly thing" so seems perfect for inclusion in the expert option. Ben
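Review bot: the new ceiling in the `ask_keysize` initializer (`max=8192`) is not conditioned on `--expert` anywhere in the lines shown, although the description says the larger size is meant only for expert mode. Unless a check outside this hunk restricts it, keep `max=4096` in the initializer and raise it to 8192 only when the expert option is set, so the non-expert prompt behaves as before. The initializer also ignores the `algo` argument, so confirm that an 8192-bit ceiling is intended for every algorithm this function is called for, and update the documented maximum key size together with the code.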
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users