1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 7 Sep 2017 18:41:10 -0400
Subject: gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c)
---
agent/command.c | 2 +-
doc/wks.texi | 4 ++--
g10/keygen.c | 9 ++++-----
g10/keyid.c | 4 ++--
4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/agent/command.c b/agent/command.c
index adb2c00..60eb6ad 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -843,7 +843,7 @@ static const char hlp_genkey[] =
"\n"
" C: GENKEY\n"
" S: INQUIRE KEYPARAM\n"
- " C: D (genkey (rsa (nbits 2048)))\n"
+ " C: D (genkey (rsa (nbits 3072)))\n"
" C: END\n"
" S: D (public-key\n"
" S: D (rsa (n 326487324683264) (e 10001)))\n"
diff --git a/doc/wks.texi b/doc/wks.texi
index d6798b1..5fe2a33 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -404,10 +404,10 @@ the submission address:
The output of the last command looks similar to this:
@example
- sec rsa2048 2016-08-30 [SC]
+ sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] key-submission@@example.net
- ssb rsa2048 2016-08-30 [E]
+ ssb rsa3072 2016-08-30 [E]
@end example
Take the fingerprint from that output and manually publish the key:
diff --git a/g10/keygen.c b/g10/keygen.c
index ed57d5d..492c65f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -46,11 +46,10 @@
#include "../common/mbox-util.h"
-/* The default algorithms. If you change them remember to change them
- also in gpg.c:gpgconf_list. You should also check that the value
+/* The default algorithms. If you change them, you should ensure the value
is inside the bounds enforced by ask_keysize and gen_xxx. See also
get_keysize_range which encodes the allowed ranges. */
-#define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr"
+#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr"
#define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
/* When generating keys using the streamlined key generation dialog,
@@ -1648,7 +1647,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
if (nbits < 1024)
{
- nbits = 2048;
+ nbits = 3072;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
else if (nbits > maxsize)
@@ -2117,7 +2116,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max)
default:
*min = opt.compliance == CO_DE_VS ? 2048: 1024;
*max = 4096;
- def = 2048;
+ def = 3072;
break;
}
diff --git a/g10/keyid.c b/g10/keyid.c
index 5b868cd..af9be07 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -73,7 +73,7 @@ pubkey_letter( int algo )
is copied to the supplied buffer up a length of BUFSIZE-1.
Examples for the output are:
- "rsa2048" - RSA with 2048 bit
+ "rsa3072" - RSA with 3072 bit
"elg1024" - Elgamal with 1024 bit
"ed25519" - ECC using the curve Ed25519.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
@@ -83,7 +83,7 @@ pubkey_letter( int algo )
If the option --legacy-list-mode is active, the output use the
legacy format:
- "2048R" - RSA with 2048 bit
+ "3072R" - RSA with 3072 bit
"1024g" - Elgamal with 1024 bit
"256E" - ECDSA using a curve with 256 bit
|
