[Pkg-gnupg-maint] Bug#749335: Oldstable GnuPG no longer capable of using large keys

[Lance Hathaway]

On Tuesday, June 24, 2014 11:26:07 AM, Werner Koch <wk at gnupg.org> wrote:

> For the records, GnuPG never supported keys larger than keys you can
> create with GnuPG, which is for RSA 4096 bit.  Largers keys may or may
> not work.

I would like to state, for the record, that I -did- use GnuPG to create these keys. More to the point, I used -stock- GnuPG (unmodified) to create my 16k key. Specifically, I used batch mode to do so, as the menu-driven system had a hard upper limit on key size. GnuPG -can- (or could, since I haven't tested it recently) create RSA keys larger than 4096 bits in length, without any modification.

I knew from the start that GnuPG does not countenance the use of key sizes larger than 4k, and it is not my intention to re-open that debate. However, the software worked. It worked to create the keys, and it worked to utilize the keys. I didn't have to change anything in the code or re-compile anything with new options. It just worked.

Also for the record, I mostly agree with GnuPG's decision re: the 4k limit on creating new keys through the menu interface. It wasn't easy to figure out how to create a large keypair with stock GnuPG, and that information is probably best left obscure. But it could be done--and GnuPG worked with the resulting keys normally. Now, GnuPG simply doesn't allow me to make signatures with the large key any more.

Perhaps a large part of my frustration / confusion stems from a lack of understanding. Obviously something changed between the version that worked and the version that does not. I don't know enough to figure out what code changed to impact this functionality, and I certainly don't understand why. From what I've been able to tell, this is purely a matter of allocating more secure memory, as if the allocation was reduced at some point. I don't know whether this was part of the fix for CVE-2013-4576 (if so, why was this impacted?), or if it was another code change rolled into the same update (if so, why the reduction [if it was a reduction]?). Could you possibly shed some light on this?


> p.s. A 16k key is actually the worst thing one can do and actually
> decreases overall security.

I'm afraid I don't understand this at all. I do understand the arguments about creating a false sense of security, the need to preserve compatibility with low-power devices and older software, and etc., but I haven't heard anything about why a 16k key is "the worst thing one can do," such that it actually decreases overall security. Could you please elaborate further?

 -Lance