Maximum keypair length...
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Fri May 1 18:01:40 CEST 2020
On Thu, Apr 30, 2020 at 11:07:11PM -0400, Barry Smith via Gnupg-users wrote:
> Let me continue by explaining some back up information for my
> question.
> - I am asking in terms of the latest standards implemented in distros and
> Windows .exe auto-install packages.
> - I am trying to create a group calendar file and app for a private group.
> - Original concept for my project -- use an annual calendar file that has
> December (year minus 1) to January (year plus 1), so 14 months of days. I
> want one keypair per day for the group.
I'm not sure what kind of risk scenario you're working against, but this
sounds extreme and will probably have all sorts of usability corner
cases.
> SO, users, help!
> I need to know the absolute longest key that GnuPG can create RIGHT
> NOW.
It depends on the algorithm. RSA keys have the default maximum length of
8192 set at compile-time. Elliptic Curve cryptography requires much
shorter keys, so maximums will be different there.

In general, the length of the key is only part of the picture when we're
talking about encryption "strength." Many cryptographers consider RSA
keys longer than 2048 bits to be a "feel-good security theatre", because
classical computers are not likely to be able to successfully break
2048-bit keys in the foreseeable future, even given state-level funding.

If/once we get to the point where quantum computers are powerful enough
to defeat 2048-bit RSA, then we should consider all classical public-key
crypto irreversibly compromised (RSA, DSA, ECC, etc) -- longer keypair
lengths will merely buy a bit of time before failing to cryptanalysis.

So, if you want decent modern-day encryption, use 256-bit ECC keys and
don't worry about key lengths longer than 256 (or 4096 for RSA).
-K