On 12/18/2014 10:24 AM, Robert J. Hansen wrote: >> My current key is 2048 bits in length and I would like to have >> something that is closer to 8192 bits in length. Is there a way that >> I can accomplish this... > > Definitely not from GnuPG, and probably not from without it, either.
There are clearly tools that you can use to make larger keys than 4096-bit RSA, e.g. gnutls-bin + monkeysphere: certtool -p --bits 8192 | pem2openpgp 'Test User <t...@example.org>' (this will produce a binary-formatted OpenPGP key on stdout, so you probably want to send it to a file or something) but I don't recommend trying to do this, because these larger RSA keys are expensive to use compared to the marginal extra security, and their signatures are large. I recommend sticking with 4096-bit RSA for now; for stronger keys you'll eventually want to move to a large ECC key (though the choices we have at the moment for ECC have some shadow of suspicion over them). > Further, you cannot change the length of the primary subkey on a > certificate. "primary subkey" doesn't make much sense. I'm pretty sure Robert means "primary key". --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users