Page MenuHome GnuPG

GnuPG, Kleopatra: Update --full-gen-key options for GnuPG-2.3
Open, WishlistPublic


gpg --full-gen-key currently offers to create 1024 bit DSA keys.

Related to T4740 DSA-1024 with the Q size of 160-bit is problematic at best.

Similarly the ECC options are still hidden behind the --expert flag.

I propose to offer ECC without the expert flag and hide DSA and Elgamal behind the --expert flag.

The CLI can also be seen as an example what a GUI should offer if it offers options. That is why I also tagged this issue as an Kleopatra issue.



Event Timeline

Without --expert my proposal for full-gen-key would be:

gpg --full-gen-key 
gpg (GnuPG) 2.3.0-beta983; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: Note: RFC4880bis features are enabled.
Please select what kind of key you want (add --expert for more options):

  (1) RSA and RSA (default)
  (2) ECC and ECC < Automatically selecting cv25519
  (3) RSA (set your own capabilities)
  (4) ECC (set your own capabilities) < With curve selection
  (5) Existing key from card

As full-gen-key is already kind of expert I would leave the "own capabilities"