minimal dsa/elg bitsize during expert keygen outdated
Closed, ResolvedPublic

Description

It seems like the minimal possible bit size displayed during expert key generation is outdated:

gpg2 --expert --full-gen-key

gpg: WARNING: unsafe permissions on homedir 'temp-gnupg-dir'
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:

 (1) RSA and RSA (default)
 (2) DSA and Elgamal
 (3) DSA (sign only)
 (4) RSA (sign only)
 (7) DSA (set your own capabilities)
 (8) RSA (set your own capabilities)
 (9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)

Your selection? 2
DSA keys may be between 512 and 3072 bits long.
What keysize do you want? (2048) 512
Requested keysize is 512 bits
ELG keys may be between 512 and 4096 bits long.
What keysize do you want for the subkey? (2048) 512
Requested keysize is 512 bits
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0) 1d
Key expires at Fri Jan 1 17:57:06 2016 CET
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Doe
Email address:
Comment:
You selected this USER-ID:

    "John Doe"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: keysize invalid; using 2048 bits
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: keysize invalid; using 2048 bits

[...]

-----------

Following the related generation methods and it seems like 512 bits is outdated since the
commits 03f0b51f and aae7ec5 and 768 for DSA 1024 for Elgamal should be minimal allowed length
even during expert key creation:

-----------

Possible patch:

diff --git a/g10/keygen.c b/g10/keygen.c
index 992e572..f79add4 100644

  • a/g10/keygen.c

+++ b/g10/keygen.c
@@ -2006,15 +2006,10 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int
*r_usage,
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{

  • unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;

+ unsigned int nbits, min=1024, def = DEFAULT_STD_KEYSIZE, max=4096;

  int for_subkey = !!primary_keysize;
  int autocomp = 0;
  • if(opt.expert)
  • min=512;
  • else
  • min=1024;
  • if (primary_keysize && !opt.expert) { /* Deduce the subkey size from the primary key size. */

@@ -2032,6 +2027,7 @@ ask_keysize (int algo, unsigned int primary_keysize)

switch(algo)
  {
  case PUBKEY_ALGO_DSA:

+ min=768;

def=2048;
max=3072;
break;

@@ -2048,10 +2044,6 @@ ask_keysize (int algo, unsigned int primary_keysize)

def=255;
max=441;
break;
  • case PUBKEY_ALGO_RSA:
  • min=1024;
  • break; } tty_printf(_("%s keys may be between %u and %u bits long.\n"),
werner claimed this task.Jan 5 2016, 1:50 PM
werner added a subscriber: werner.

Commit e70f7a5 fixes this for 2.1.
Should be backported.
Thanks.

gniibe added a subscriber: gniibe.Jul 15 2016, 2:53 AM

For the T2238, it was backported in effect (not intentional, though).

1.4: ca1fc59
2.0: 1c15136

justus closed this task as Resolved.Jul 17 2017, 10:43 AM
justus added a subscriber: justus.

I just verified that this is indeed fixed.