Create key's over 4096 bit ????
Aleksandar Milivojevic
alex at milivojevic.org
Thu Dec 22 05:12:03 CET 2005
vedaal at hush.com wrote:
> 16k rsa keys are very bulky to use, and provide *very, very, long*
> signatures (i tried it out just to see what would happen, ;-) but
> see no advantage, and have not bothered to make another key for
> security use, after trying the test key but if you really want
> to try out of curiosity and then be done with it, it is compatible
> with gnupg

My previous message somehow didn't make it to the list. Anyhow, I can
only confirm what you wrote. If you want to play with a 16k RSA key, one
way to do it is to use "openssl genrsa -des3 -out long.key 16384". You
can then create a self-signed certificate to play with. It takes
somewhere around 13-14 minutes to generate a 16k RSA key on a 2.8GHz
Pentium D. On a slower machine, it can take hours to generate a 16k RSA
key. So have lots of patience when experimenting. Very soon you'll
realize why nobody uses such long keys. The 4k limit is there for your
own protection ;-) If you really have tons of time to waste, openssl will
allow you to create even longer keys (why not try a 262144 bit long key,
and let us know how long it took to generate).

From the security standpoint, more bits do not buy you more security.
Having a 16k key or a 2k key will buy you about the same security. It is
not all in the key length. My opinion is, just use a 2k key. It will
serve you well. I generated one 4k key some time ago, and have almost
never used it. Looking back, that was a really pointless thing to do.
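
Added example, not part of the original message: a small script that measures the costs discussed above (key generation time and signature size) with the same `openssl genrsa` command. It assumes `openssl` is on the PATH; the function names, the default sizes and the sample message are constructed for illustration, and the throwaway keys are written without `-des3` so nothing prompts for a passphrase.

```bash
#!/usr/bin/env bash
# Added example: cost of larger RSA keys, measured with OpenSSL.
# Usage: ./rsa-cost.sh [bits ...]   (defaults to 2048 and 4096)
set -u
WORK=$(mktemp -d)                 # throwaway keys live here only
trap 'rm -rf "$WORK"' EXIT
printf 'constructed sample message\n' > "$WORK/msg.txt"

# gen_key BITS: generate an unencrypted test key, print elapsed whole seconds.
gen_key() {
    local bits=$1 start end
    start=$(date +%s)
    openssl genrsa -out "$WORK/rsa$bits.key" "$bits" 2>/dev/null || return 1
    end=$(date +%s)
    echo $((end - start))
}

# sig_bytes BITS: sign the sample message (SHA-256, PKCS#1 v1.5) with the
# key made by gen_key and print the signature size in bytes.
sig_bytes() {
    local bits=$1
    openssl dgst -sha256 -sign "$WORK/rsa$bits.key" \
        -out "$WORK/rsa$bits.sig" "$WORK/msg.txt" || return 1
    wc -c < "$WORK/rsa$bits.sig" | tr -d ' '
}

# verify_sig BITS: check the signature against the extracted public key.
verify_sig() {
    local bits=$1
    openssl rsa -in "$WORK/rsa$bits.key" -pubout \
        -out "$WORK/rsa$bits.pub" 2>/dev/null || return 1
    openssl dgst -sha256 -verify "$WORK/rsa$bits.pub" \
        -signature "$WORK/rsa$bits.sig" "$WORK/msg.txt" >/dev/null
}

# report BITS...: one line per key size.
report() {
    local bits secs size
    printf '%8s %10s %10s\n' bits keygen_s sig_bytes
    for bits in "$@"; do
        secs=$(gen_key "$bits") || { echo "keygen failed: $bits" >&2; continue; }
        size=$(sig_bytes "$bits") || { echo "signing failed: $bits" >&2; continue; }
        verify_sig "$bits" || echo "verify failed: $bits" >&2
        printf '%8s %10s %10s\n' "$bits" "$secs" "$size"
    done
}

[ $# -gt 0 ] || set -- 2048 4096
report "$@"
```

The signature is always as long as the modulus, so each doubling of the key size doubles every signature; pass `16384` as an argument only if you are prepared to wait for the key generation.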