PGP key replacement time

I have a new PGP key.

Feel free to sign it at your pgp.net keyserver of choice.

$ gpg --fingerprint FE264BAA

pub 16384R/FE264BAA 2008-01-17
    Key fingerprint = 9A05 99DB 838D 9049 0509 AD5D 26A4 2F8A FE26 4BAA
sub 16384R/3CA219BB 2008-01-17

Why so big a keysize? A friend of mine cited the following:

NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys

NIST gives the following requirements. Other cipher systems can be compared on the same site.

If something is worth encrypting, why not do it seriously and stay ahead of innovation?
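
To see where an equivalence like "15360-bit RSA is about as strong as a 256-bit symmetric key" comes from, the following added example (not part of the original post or of GnuPG) evaluates the general number field sieve cost estimate in the form used in NIST's FIPS 140-2 Implementation Guidance. It is an approximation, so the results land near the NIST table values rather than exactly on them; the function names are made up for this example.

```python
import math


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus.

    Uses the GNFS running-time estimate:
    (1.923 * cbrt(n) * cbrt(ln(n)^2) - 4.69) / ln 2, with n = modulus_bits * ln 2.
    """
    n = modulus_bits * math.log(2)  # natural log of the modulus
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)       # convert from nats to bits


def rsa_bits_for_strength(target_bits: float, step: int = 256) -> int:
    """Smallest multiple of `step` whose estimated strength reaches target_bits."""
    lo, hi = 1, 1
    # Grow the upper bound until it is strong enough.
    while rsa_strength_bits(hi * step) < target_bits:
        lo, hi = hi, hi * 2
    # Binary search for the first size that meets the target.
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid * step) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo * step


if __name__ == "__main__":
    # 4096 is the stock GnuPG limit in the patch below, 16384 the patched one.
    for bits in (1024, 2048, 3072, 4096, 7680, 15360, 16384):
        print(f"RSA-{bits:<6} ~ {rsa_strength_bits(bits):6.1f}-bit symmetric")
    for target in (128, 192, 256):
        print(f"{target}-bit strength needs about RSA-{rsa_bits_for_strength(target)}")
```
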

At this time, GnuPG does not allow keys of this size. To generate one, remove the limits from the source, compile as usual, and generate your keys. George Hill has a patch file here that you could use as a reference.

--- gnupg-1.4.7/g10/keygen.c.orig	Fri Dec 21 21:33:27 2007
+++ gnupg-1.4.7/g10/keygen.c	Fri Dec 21 21:34:51 2007
@@ -1502,12 +1502,12 @@
 static unsigned
 ask_keysize( int algo )
 {
-  unsigned nbits,min,def=2048,max=4096;
+  unsigned nbits,min,def=2048,max=16384;
 
   if(opt.expert)
     min=512;
   else
-    min=1024;
+    min=2048;
 
   switch(algo)
     {
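
Review bot: max=16384 is set in the shared initializer at the top of ask_keysize(), ahead of switch(algo), so the higher ceiling applies to every algorithm whose case does not reset max, not only RSA. If the intent is large RSA keys only, keep max=4096 here and assign max=16384 inside the PUBKEY_ALGO_RSA case. The non-expert min change from 1024 to 2048 is a separate policy change from lifting the upper bound and deserves its own mention in the patch description.
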
@@ -1525,7 +1525,7 @@
       break;
 
     case PUBKEY_ALGO_RSA:
-      min=1024;
+      min=2048;
       break;
     }
 
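
Review bot: min=2048 in the PUBKEY_ALGO_RSA case is assigned unconditionally after the opt.expert check, so the expert minimum of 512 set earlier in ask_keysize() never takes effect for RSA. If expert users are meant to keep a lower RSA floor, guard this assignment with the same opt.expert test; if not, a short comment saying the RSA minimum is deliberate would make that clear.
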
--- gnupg-1.4.7/util/secmem.c.orig	Mon Feb 12 06:26:30 2007
+++ gnupg-1.4.7/util/secmem.c	Fri Dec 21 21:44:55 2007
@@ -58,7 +58,7 @@
 #endif
 
 
-#define DEFAULT_POOLSIZE 16384
+#define DEFAULT_POOLSIZE 131072
 
 typedef struct memblock_struct MEMBLOCK;
 struct memblock_struct {
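
Review bot: DEFAULT_POOLSIZE goes from 16384 to 131072, an eightfold increase, with no comment saying how the figure was derived or that it exists to support 16384-bit keys. Add a comment tying the value to the key-size change in g10/keygen.c, and confirm that a pool of this size can still be set up as secure memory under the resource limits of the systems the build will run on.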
