Your message dated Tue, 27 Oct 2015 16:20:29 -0400
with message-id <[email protected]>
and subject line Re: [pkg-gnupg-maint] Bug#800560: gnupg can't create a 4096-16384 bits length key. The old version can do this.
has caused the Debian Bug report #800560,
regarding gnupg can't create a 4096-16384 bits length key. The old version can do this.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
800560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800560
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.18-7
Severity: important

Dear Maintainer,

gnupg can generate RSA keys up to 16384 bits length.
On the new version there are some limitations to create large RSA keys.
Using old versions could generate long keys up to 16384 bits.

A limitation of key size is not right and can help NSA.
If there is some reason, it is put a disclaimer and not block the program with an error.
Some people may need to generate a large PGP key.
After DataGate should be possible to generate large.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gpgv          1.4.18-7
ii  libbz2-1.0    1.0.6-7+b3
ii  libc6         2.19-18
ii  libreadline6  6.3-8+b3
ii  libusb-0.1-4  2:0.1.12-25
ii  zlib1g        1:1.2.8.dfsg-2+b1

Versions of packages gnupg recommends:
pn  gnupg-curl     <none>
ii  libldap-2.4-2  2.4.40+dfsg-1

Versions of packages gnupg suggests:
pn  gnupg-doc     <none>
ii  imagemagick   8:6.8.9.9-5
ii  libpcsclite1  1.8.13-1
pn  parcimonie    <none>

-- no debconf information
--- End Message ---
--- Begin Message ---
Control: severity 800560 normal

On Wed 2015-09-30 17:32:36 -0400, Gionatan Vianello wrote:
> Package: gnupg
> Version: 1.4.18-7
> Severity: important
>
> gnupg can generate RSA keys up to 16384 bits length.
> On the new version there are some limitations to create large RSA keys.
> Using old versions could generate long keys up to 16384 bits.
>
> A limitation of key size is not right and can help NSA.

It's not clear that anyone believes that the NSA is capable of breaking
a 4096-bit RSA key.

With the version of GnuPG that you have installed in stable (as well as
with the version in unstable and in testing) you should already be able
to generate 8192-bit keys in --batch mode (see --enable-large-rsa in
gpg(1) and the section on Unattended Key Generation in
/usr/share/doc/gnupg/DETAILS.gz).

RSA keys that are larger than 8192 bits will be very expensive to use
(even for public key use) and provide little realistic additional
protection -- the defensive advantage against a powerful attacker per
bit falls off as the key sizes increase in RSA.

GnuPG is interested in interoperating with other tools, and generating
extremely large keys is likely to impose costs on those users without
any useful gains for the ecosystem at large.

So i'm closing this bug, because (a) it's actually possible to generate
larger keys already for people who believe they need more than 4096
bits, and (b) there needs to be a limit somewhere to avoid resource
exhaustion, and 8192 seems like a reasonable place for that limit for
RSA.

Regards,

        --dkg
--- End Message ---
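
The closing message's point that the protection gained per added RSA bit falls off while the cost of use rises can be put in numbers. The script below is an added example, not part of the bug thread or of GnuPG. It assumes the heuristic GNFS running time L_N[1/3, (64/9)^(1/3)] (o(1) term dropped) as the attack-cost model and cubic scaling for a private-key operation; neither model is stated in the thread.

```python
import math

# Assumption (not from the thread): attack cost is modelled by the heuristic
# GNFS running time L_N[1/3, (64/9)^(1/3)] with the o(1) term dropped.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_security_bits(modulus_bits: int) -> float:
    """log2 of the estimated GNFS work to factor a modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def relative_private_op_cost(modulus_bits: int, base_bits: int = 4096) -> float:
    """Assumed cubic scaling of a private-key operation (schoolbook arithmetic)."""
    return (modulus_bits / base_bits) ** 3


def marginal_table(sizes):
    """Rows of (bits, est. security, gain per added modulus bit, relative cost)."""
    rows, prev = [], None
    for bits in sizes:
        sec = gnfs_security_bits(bits)
        gain = None if prev is None else (sec - prev[1]) / (bits - prev[0])
        rows.append((bits, sec, gain, relative_private_op_cost(bits)))
        prev = (bits, sec)
    return rows


if __name__ == "__main__":
    print(f"{'bits':>6} {'security':>9} {'gain/bit':>9} {'priv-op cost':>13}")
    for bits, sec, gain, cost in marginal_table([2048, 4096, 8192, 16384]):
        gain_s = "-" if gain is None else f"{gain:.4f}"
        print(f"{bits:>6} {sec:>9.1f} {gain_s:>9} {cost:>12.1f}x")
```

The security column is an uncalibrated estimate, so it is useful for comparing key sizes against each other rather than as an absolute strength figure.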

