Index: b/configure.ac
===================================================================
--- b/configure.ac
+++ b/configure.ac
@@ -345,6 +345,39 @@
 [Size of the key and UID caches])
+#
+# Check for the max RSA key size. This defaults to 4096.
+#
+AC_MSG_CHECKING([for the max rsa key size])
+AC_ARG_ENABLE(max-rsa-key-size,
+ AC_HELP_STRING([--enable-max-rsa-key-size=SIZE],
+ [Set maximum generated RSA key size to SIZE (must be
+ between 4096 and 65535; default 4096)]),,enableval=4096)
+if test "$enableval" = "no"; then
+ enableval=4096
+ AC_MSG_WARN([using default max rsa key size 4096])
+elif test "$enableval" = "yes" || test "$enableval" = ""; then
+ enableval=4096
+fi
+changequote(,)dnl
+max_rsa_key_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
+changequote([,])dnl
+if test "$enableval" != "$max_rsa_key_size" || test "$max_rsa_key_size" -lt 4096 || test "$max_rsa_key_size" -gt 65535; then
+ AC_MSG_ERROR([invalid max rsa key size])
+elif test "$max_rsa_key_size" -gt 16384; then
+ AC_MSG_WARN([[
+***
+*** RSA key sizes above 16384 are incompatible with binaries compiled without
+*** a similarly large setting. Setting max rsa key size to greater than
+*** 16384 makes it possible to create incompatible keys and therefore is
+*** not currently recommended. Proceeding anyhow...
+***]])
+fi
+AC_MSG_RESULT($max_rsa_key_size)
+AC_DEFINE_UNQUOTED(GNUPG_MAX_RSA_KEY_SIZE,$max_rsa_key_size,
+ [Maximum size of generated RSA keys])
+
+
 #
 # Check whether we want to use Linux capabilities
Index: b/g10/gpg.c
===================================================================
--- b/g10/gpg.c
+++ b/g10/gpg.c
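Review bot: The validation on the `max_rsa_key_size=` line only strips letters with `sed 's/[A-Za-z]//g'`, so a value containing other non-digits (a decimal point, a stray space or punctuation) passes the `"$enableval" != "$max_rsa_key_size"` comparison and then makes `test ... -lt 4096` abort with a shell "integer expression expected" message instead of the intended `AC_MSG_ERROR`. Stripping every non-digit, `max_rsa_key_size=\`echo "$enableval" | sed 's/[^0-9]//g'\``, lets the string comparison reject any non-numeric input before the arithmetic tests run. The comment above `AC_MSG_CHECKING` should also state what the value controls, since the macro is consumed in both keygen.c and gpg.c, e.g. `# The value becomes GNUPG_MAX_RSA_KEY_SIZE: the upper bound offered at key generation time and the trigger for the larger secure-memory pool in g10/gpg.c.`. `AC_HELP_STRING` is the obsolete spelling; `AS_HELP_STRING` is the current one if the project's autoconf supports it.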
@@ -2067,8 +2067,13 @@
 #endif
 /* Initialize the secure memory. */
+#if GNUPG_MAX_RSA_KEY_SIZE > 4096
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 131072, 0))
+ got_secmem = 1;
+#else
 if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
 got_secmem = 1;
+#endif
 #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
 /* There should be no way to get to this spot while still carrying
 setuid privs. Just in case, bomb out if we are. */
Index: b/g10/keygen.c
===================================================================
--- b/g10/keygen.c
+++ b/g10/keygen.c
@@ -1981,6 +1981,9 @@
 case PUBKEY_ALGO_RSA:
 min=1024;
+#if GNUPG_MAX_RSA_KEY_SIZE > 4096
+ max=GNUPG_MAX_RSA_KEY_SIZE
+#endif
 break;
 }
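Review bot: The enlarged secure-memory pool of `131072` bytes on the `#if GNUPG_MAX_RSA_KEY_SIZE > 4096` branch is a fixed constant with no relation to the configured limit, so a build that allows 65535-bit keys (the largest value configure accepts) gets the same pool as one that allows 8192-bit keys, and nothing in the hunk records why 131072 is enough. At minimum the sizing assumption should be written down next to the constant, e.g. `/* Pool must hold the private key material of a GNUPG_MAX_RSA_KEY_SIZE-bit RSA key during generation; 131072 is assumed sufficient -- TODO confirm for the largest configured limit. */`. Duplicating the `gcry_control` call and the `got_secmem = 1` assignment in both preprocessor branches also invites the copies to drift; selecting only the size under the `#if` keeps one call site. The enclosing function begins and ends outside the hunk.
```c
  /* Initialize the secure memory.  */
#if GNUPG_MAX_RSA_KEY_SIZE > 4096
  /* Larger pool for big RSA keys; 131072 assumed sufficient -- TODO confirm. */
# define GPG_SECMEM_POOL_SIZE 131072
#else
# define GPG_SECMEM_POOL_SIZE 32768
#endif
  if (!gcry_control (GCRYCTL_INIT_SECMEM, GPG_SECMEM_POOL_SIZE, 0))
    got_secmem = 1;
```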
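Review bot: The added `max=GNUPG_MAX_RSA_KEY_SIZE` line is missing its terminating semicolon, so any build configured with a limit above 4096 -- the only case in which this `#if` branch is compiled -- fails with a syntax error at the following `break;`, while the default build never compiles the line and so does not catch it. It should read `max=GNUPG_MAX_RSA_KEY_SIZE;`. The `#if GNUPG_MAX_RSA_KEY_SIZE > 4096` guard also looks redundant, since configure.ac always defines the macro to a value of at least 4096; an unconditional `max=GNUPG_MAX_RSA_KEY_SIZE;` would keep the RSA bound in one place, though the initializer of `max` is outside this hunk so its default cannot be confirmed here. The enclosing function starts and ends outside the hunk.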