Kleopatra key generation does not use default algorithms 3072 but 2048
Closed, Resolved · Public


Testing Kleopatra from the current Gpg4win-3.1.11 a fresh key creation
(started from the front just after installation) uses 2048 RSA where it should use 3072,
because that is marked as default in the "advanced settings" dialog (but not selected).

how to reproduce

  • start a key creation -> OpenPGP
  • enter some values
  • hit "create"
  • in the checking dialog, click show details

Observation: 2024 is used.
Expectation: 3072 is used.

  • Abort, go back and restart
  • Hit "advanced" settings: RSA is selected and 2048 and 2048.
  • open the dropdown boxes for key length

Observation: 3072 is marked as "(default)", but was not selected
Expectation: "3072 (default)" should be selected, because no setting was changed.

tested with

Tested in Windows 10 1903 DE and EN.
Kleopatra (from gpg4win 3.1.11): the website says 3.1.8, the about dialog says 3.1.11

Event Timeline

bernhard updated the task description.

The default for GnuPG 2.2 is still 2048 (Debian changed that in their distributed version). The reason for this is that we don't want to generate such keys but move on to Curve25519 for the new defaults.

FWIW, the VS-NfD profile sets the default RSA key size to 3072.

aheinecke changed the task status from Open to Testing. Jul 16 2020, 2:35 PM
aheinecke triaged this task as Normal priority.

Hi, yeah, it's complicated for Kleopatra to detect the defaults as they can be set both in Kleopatra config and GnuPG config. The GnuPG config overrides the Kleopatra config. Kleo has code to handle this but not when it adds the comboboxes to the GUI. So I've just removed the "default". We only had this for RSA and DSA / Elgamal, for ECC we did not indicate the default.
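
Since the GUI label and the effective default could disagree, the size of the keys that were actually generated can be checked from GnuPG's machine-readable listing. The following is an added example, not part of this thread and not Kleopatra or GnuPG code: it parses `gpg --list-keys --with-colons` output and reports RSA, DSA and Elgamal keys shorter than an expected size. The 3072-bit threshold, the function name `short_keys` and the sample listing are assumptions made for the illustration.

```python
import sys

# Field layout of --with-colons records (GnuPG doc/DETAILS):
# 1 = record type, 3 = key length, 4 = public-key algorithm, 5 = key ID.
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # OpenPGP algorithm IDs
EXPECTED_BITS = 3072  # assumption: the size the report expected

# Constructed sample listing (key IDs are made up), not taken from the report.
SAMPLE = """\
tru::1:1594900000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1594900000:::u:::scESC::::::23::0:
uid:u::::1594900000::0000::Test User <test@example.org>::::::::::0:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1594900000::::::e::::::23:
pub:u:3072:1:BBBBBBBBBBBBBBB1:1594900000:::u:::scESC::::::23::0:
sub:u:3072:1:BBBBBBBBBBBBBBB2:1594900000::::::e::::::23:
pub:u:255:22:CCCCCCCCCCCCCCC1:1594900000:::u:::scESC:::::ed25519:::0:
sub:u:255:18:CCCCCCCCCCCCCCC2:1594900000::::::e:::::cv25519::
"""


def short_keys(colon_output, minimum=EXPECTED_BITS):
    """Return (record, key_id, algorithm, bits) for keys below `minimum` bits."""
    findings = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        # Only primary keys and subkeys carry a length and an algorithm.
        if fields[0] not in ("pub", "sub", "sec", "ssb") or len(fields) < 5:
            continue
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed or empty field, skip the record
        # ECC keys (e.g. algorithms 18 and 22) are skipped: their bit length
        # is not comparable to an RSA/DSA/Elgamal modulus size.
        if algo in ALGO_NAMES and bits < minimum:
            findings.append((fields[0], fields[4], ALGO_NAMES[algo], bits))
    return findings


if __name__ == "__main__":
    # Pipe real output in: gpg --list-keys --with-colons | python this_file.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for record, key_id, algo, bits in short_keys(data):
        print(f"{record} {key_id}: {algo} {bits} bits (< {EXPECTED_BITS})")
```
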