On Mon 2017-10-02 10:46:48 -0400, Robert J. Hansen wrote: >> In batch mode it can go higher. > > I was about to disagree with you when I discovered the > --enable-large-rsa flag. > > When did this get introduced? Why? What possible use case is there for > this?
It was introduced in 2014 in git commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5 on STABLE-BRANCH-1-4, which was subsequently ported to master. see also https://bugs.debian.org/739424 and https://dev.gnupg.org/T1732 here's the commit log: commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5 Author: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Fri Oct 3 12:01:11 2014 -0400 gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732 Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
