Skip to content

Instantly share code, notes, and snippets.

@deekayen
Last active November 5, 2018 04:15
Show Gist options
  • Save deekayen/3f5526531951bf53be49 to your computer and use it in GitHub Desktop.
Save deekayen/3f5526531951bf53be49 to your computer and use it in GitHub Desktop.
GnuPG 1.4.19 large key generation to be combined with ./configure --enable-large-secmem at compile time and gpg --gen-key --enable-large-rsa at runtime.
--- g10/keygen.c 2015-02-26 12:24:21.000000000 -0500
+++ g10/keygen.c 2015-03-02 22:12:09.028419377 -0500
@@ -1041,8 +1041,9 @@
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096) {
- nbits = 4096;
+ else if (nbits > 15489) {
+ /* fallback to RFC3766 256-bit symmetric equivalency */
+ nbits = 15489;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
@@ -1251,7 +1252,8 @@
PKT_public_key *pk;
MPI skey[6];
MPI *factors;
- const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
+ /* New large key limit RFC3766 256-bit symmetric equivalency */
+ const unsigned maxsize = (opt.flags.large_rsa ? 15489 : 4096);
assert( is_RSA(algo) );
@@ -1578,7 +1580,7 @@
static unsigned int
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned nbits, min, def=2048, max=4096;
+ unsigned nbits, min, def=2048, max=15489;
int for_subkey = !!primary_keysize;
int autocomp = 0;
--- configure 2015-02-27 03:37:52.000000000 -0500
+++ configure 2015-03-02 22:28:31.488401783 -0500
@@ -5076,7 +5076,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5
$as_echo "$large_secmem" >&6; }
if test "$large_secmem" = yes ; then
- SECMEM_BUFFER_SIZE=65536
+ SECMEM_BUFFER_SIZE=131072
else
SECMEM_BUFFER_SIZE=32768
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment