#45 ✓invalid
Andreas

Enable creation of 8192bit keys

Reported by Andreas | February 12th, 2011 @ 02:57 PM | in 2.0.18 (closed)

Although it is technicaly possible to work with 8192 bit GPG keys the creators of Gnupgp ship the sources with a hard coded limit of 4096 bit. If you want a larger GPG key than 4096 bit your are supposed to change the given limit yourself by changing one line of code in the file g10/keygen.c (At least in the 1.4.11 sources). That's it. After that you can create up to 8192 bit GPG keys.

Comments and changes to this ticket

  • Alex (via GPGTools)

    Alex (via GPGTools) February 14th, 2011 @ 08:26 AM

    • State changed from “new” to “open”
    • Milestone cleared.
    • Assigned user set to “Benjamin Donnachie”
    • Importance changed from “High” to “”
  • Benjamin Donnachie

    Benjamin Donnachie February 14th, 2011 @ 10:33 AM

    Invalid. Has been a part of MacGPG2 for some time.

    Sent from my iPhone

  • Benjamin Donnachie

    Benjamin Donnachie February 14th, 2011 @ 02:47 PM

    • State changed from “open” to “invalid”

    From last release notes:

     * Maximum key size increased to 8192 bits; not recommended and requires --expert
    command line option.
  • Andreas

    Andreas February 14th, 2011 @ 07:03 PM

    If it was part of MacGPG2 for some time, why was it dropped?
    What does "requires --expert command line option" mean?

    GPGTools-20110214.dmg's version only offers up to 4096 bit, what is wrong with having the possibility to create larger secret keys?

    gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
    (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)

  • Alex (via GPGTools)

    Alex (via GPGTools) February 14th, 2011 @ 07:12 PM

    Run

    gpg2 --expert --gen-key

    But before create the key google for the words gnupg, rsa, and 8192.

  • Benjamin Donnachie

    Benjamin Donnachie February 14th, 2011 @ 07:17 PM

    Not dropped at all - try:

    $ gpg2 --expert --gen-key gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
    (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) Your selection? 1
    RSA keys may be between 1024 and 8192 bits long.
    What keysize do you want? (2048)

  • Andreas

    Andreas February 14th, 2011 @ 07:37 PM

    Now I understand.
    Case closed.
    Thanks for your patience :-)

  • Alex (via GPGTools)

    Alex (via GPGTools) December 28th, 2011 @ 01:27 PM

    • Milestone set to 2.0.18
    • Importance changed from “” to “”
  • Ultimate-GPG-Settings

    Ultimate-GPG-Settings September 11th, 2014 @ 06:24 AM

    • Importance cleared.

    Raising GnuPG key size limits and making ideal .conf files.

    Here is a link to a bash script that increases the GnuPG key size limit beyond 4096 bits.
    The page also provides an ideal GnuPG .conf file.
    https://gist.github.com/anonymous/3d928a0bcbb3ed92c454
    https://tinyurl.com/ultgpgset
    Please provide input and recommended changes.

    Is this method of replacing numbers in the source code appropriate?
    How about the configuration files?

    Ultimate-GPG-Settings

  • steve

    steve September 14th, 2014 @ 07:02 PM

    • Assigned user cleared.
    • Importance set to “Low”

    Hi there, not sure what you are requesting here. That we provide a GUI option for 8192bit keys?

    If so, this will likely not happen. If you want to get into the discussion of the why's and how's, please contact gnupg users mailing list or devel mailing list at https://www.gnupg.org/documentation/mailing-lists.html

    Their stance is that they do not want to make 4096bit keys the default in gnupg. GPG Keychain Access will default to 4096bit keys in the next release anyways. But I do not see 8192bit happen in the UI anytime soon. As indicated above Terminal offers this options for expert users.

    For any further discussion please open a discussion on our support page: http://support.gpgtools.org

  • Support

    Support March 20th, 2023 @ 04:03 PM

    • Tag set to “”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket

Tags

Pages