Any way to get smaller key sizes?
David Shaw
dshaw at jabberwocky.com
Wed Sep 28 18:54:06 CEST 2005
On Wed, Sep 28, 2005 at 10:29:40AM -0400, Jason Barrett wrote:
> Yes, but it's almost impossible to answer this because it's not clear
> what you're doing. Are you storing the keys or the results? 1024 bit
> keys with what algorithm? The only key type that is locked to 1024
> bits is DSA and that's a signing algorithm, so encryption never comes
> into the equation.
>
> The key that's used for encryption, according to the Handbook, is the
> El-Gamal sub-key that gets created, along with the DSA signing key, when
> you invoke 'gpg --gen-key'. The concern is over database storage of the
> results, not the keys. I could store them outside the database, but I'd
> rather not as that adds a level of indirection, additional complexity, and
> another point of failure to the design. The algorithm is whatever is used
> by 'gpg --encrypt'.
Well, it's a tiny difference in practice, but you can generate small
Elgamal keys by using the --expert flag along with --gen-key.
David
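
To put a number on the "tiny difference" in the reply above, this added example (not part of the original message and not GnuPG code) builds the public-key encrypted session key packet that an OpenPGP message carries for an Elgamal recipient, following the RFC 4880 layout, and measures its worst-case size per key length. It assumes old-format packet headers; the all-ones MPIs and the zero key ID are constructed placeholders, not real ciphertext.

```python
import struct

ELGAMAL_ENCRYPT = 16   # RFC 4880 public-key algorithm ID for Elgamal (encrypt-only)
PKESK_TAG = 1          # Public-Key Encrypted Session Key packet
PKESK_VERSION = 3


def mpi(value: int) -> bytes:
    """RFC 4880 MPI: 2-byte big-endian bit count, then the magnitude bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def old_format_header(tag: int, body_len: int) -> bytes:
    """Old-format packet header (assumed here) with a 1-, 2- or 4-byte length."""
    if body_len < 0x100:
        return bytes([0x80 | (tag << 2) | 0, body_len])
    if body_len < 0x10000:
        return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", body_len)
    return bytes([0x80 | (tag << 2) | 2]) + struct.pack(">I", body_len)


def pkesk_packet(key_bits: int, key_id: bytes = b"\x00" * 8) -> bytes:
    """Worst-case PKESK packet for an Elgamal key of key_bits bits.

    Elgamal ciphertext is two integers mod p, so each MPI is at most
    key_bits long. Both are filled with constructed all-ones values.
    """
    full = (1 << key_bits) - 1  # constructed placeholder value
    body = (bytes([PKESK_VERSION]) + key_id + bytes([ELGAMAL_ENCRYPT])
            + mpi(full) + mpi(full))
    return old_format_header(PKESK_TAG, len(body)) + body


def pkesk_size(key_bits: int) -> int:
    """Maximum number of bytes the PKESK packet adds to each message."""
    return len(pkesk_packet(key_bits))


if __name__ == "__main__":
    for bits in (768, 1024, 2048):
        print(f"{bits}-bit Elgamal: up to {pkesk_size(bits)} bytes per message")
```

This packet is the only part of the encrypted output whose length depends on the size of the recipient's key; the rest scales with the (compressed) plaintext.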