When creating a new certificate, you must choose the size of the private key.
As of October 2014 the GnuPG default is RSA with a length of 2048 bits. This is the recommendation because the GnuPG Initiative believes it serves most users best.
There is an ongoing debate about what the future default length should be and what sizes should be supported. You will find it on the gnupg-users mailing list.
Note that Werner Koch, the principal author of GnuPG, recommends not using private key sizes larger than 4 Kibibyte; he believes 8 KiB to be a practical upper limit that GnuPG should technically support. See, e.g., his statement in Debian issue 739424.
The main arguments (TODO) are:
- GnuPG needs to ensure (somewhat) secure memory; because of DDoS attacks there must be a limit on supported key sizes.
- With larger private key sizes there are drawbacks in performance, especially on small systems (think drained battery). This leads to a less usable and thus also slightly less secure system (through the "threat" that crypto is used less often because of the inconvenience in time and battery it takes to use it).
- While larger keys may provide some more security against breaking the RSA encryption math, it can only be estimated how much extra security more bits provide. As most mathematical attacks do not come by brute force, it is unclear how much more protection very large keys can provide.
- There are sending implementations of OpenPGP that only support a certain upper limit (e.g. OpenPGP cards are known to go up to 3 KiB or 4 KiB in some versions, and GnuPG 1.4.18 cannot use keys >= 5 KiB anymore).
- There may be receiving implementations of OpenPGP that only support a certain upper limit of key size.
- With key sizes as large as 2 KiB today, it is extremely likely that there are many other weaker spots in your security. If you care about security, it would be rational to deal with these weaknesses first before you consider raising the key size. The weaker spots are likely to be vulnerabilities in your computing environment, in your procedures to verify certificates, or in the implementation of OpenPGP you are using.
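As an added example (not part of this page or of GnuPG itself), here is a Python check for the implementation-limit argument above: it parses a constructed `gpg --list-keys --with-colons` listing and flags RSA keys and subkeys longer than an assumed card limit of 4096 bits. The key ids and the 4096-bit limit are illustrative assumptions; the colon-field positions are those GnuPG documents in doc/DETAILS.

```python
"""Find keys in a GnuPG keyring listing that exceed a size limit.

Added example, not part of the original page. It parses the machine-readable
output of `gpg --list-keys --with-colons`, where field 1 is the record type,
field 3 the key length in bits, field 4 the public-key algorithm id and
field 5 the key id, and reports every RSA key (primary or subkey) whose
length exceeds a chosen bit limit, e.g. what a smartcard or an old GnuPG
release can handle. The listing below is constructed sample data.
"""
from typing import List, Tuple

# OpenPGP public-key algorithm ids for RSA (RFC 4880: 1, 2, 3).
RSA_ALGO_IDS = {1, 2, 3}

# Constructed sample of `gpg --list-keys --with-colons` output (two keys).
SAMPLE_LISTING = """\
tr:o:1:1412000000:0:3:1:5
pub:u:2048:1:AAAA000000000001:1412000000:::u:::scESC:
uid:u::::1412000000::0000000000000000000000000000000000000001::Alice <alice@example.org>:
sub:u:2048:1:AAAA000000000002:1412000000::::::e:
pub:u:8192:1:BBBB000000000001:1412000000:::u:::scESC:
uid:u::::1412000000::0000000000000000000000000000000000000002::Bob <bob@example.org>:
sub:u:8192:1:BBBB000000000002:1412000000::::::e:
"""


def parse_keys(listing: str) -> List[Tuple[str, str, int, int]]:
    """Return (record_type, key_id, bits, algo_id) for each pub/sub record."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Only primary keys and subkeys carry a length; skip uid/tr/fpr etc.
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue
        keys.append((fields[0], fields[4], int(fields[2]), int(fields[3])))
    return keys


def oversized_rsa_keys(listing: str, limit_bits: int) -> List[str]:
    """Key ids of RSA keys/subkeys longer than limit_bits, in listing order."""
    return [key_id for _, key_id, bits, algo in parse_keys(listing)
            if algo in RSA_ALGO_IDS and bits > limit_bits]


if __name__ == "__main__":
    # Assumed limit for illustration: a card that handles at most 4096-bit RSA.
    for key_id in oversized_rsa_keys(SAMPLE_LISTING, 4096):
        print(f"{key_id}: larger than 4096 bits, may not work on this card")
```

Run it against real output by replacing SAMPLE_LISTING with the text of `gpg --list-keys --with-colons` and the limit with what your card or peer software supports.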