
Extend --min-rsa-length by a start date
Closed, Wontfix | Public

Description

It might be useful to limit the --min-rsa-length by a start date computed from the creation date of the key.

Event Timeline

werner triaged this task as Normal priority. Jan 3 2023, 2:40 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".

I see the use of having an option for a stricter "min-rsa-length", which will be useful even in the future, e.g. for 4096.

But I think an additional date parameter there would overly complicate things. As for RSA-2048 deprecation with a start date by creation date, I think we can directly implement that when compliance de-vs is set and not depending on an option as I would see this as a hard compliance requirement.

We can simply change the arg type from number to string and use a value like 3072/20240101

werner claimed this task.

It turned out that this does not make much sense.

Note that it is already possible to restrict the required RSA size in de-vs mode using the config file:

# From 2024-01-01 on we require at least rsa3000
[if $_epoch >= 1704067200 ]
   min-rsa-length 3000
[fi]
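
Added example, not part of the original task and not GnuPG code: an audit of `gpg --list-keys --with-colons` output that applies a creation-date cutoff per key, using the `3072/20240101` value floated in the thread. That value syntax was only proposed and is parsed here by a hypothetical helper; the sample listing is constructed.

```python
from datetime import datetime, timezone

RSA_ALGOS = {"1", "2", "3"}  # OpenPGP public-key algorithm ids used for RSA

def parse_policy(spec):
    """Hypothetical 'BITS/YYYYMMDD' value -> (min_bits, cutoff epoch, 00:00 UTC)."""
    bits, _, day = spec.partition("/")
    cutoff = datetime.strptime(day, "%Y%m%d").replace(tzinfo=timezone.utc)
    return int(bits), int(cutoff.timestamp())

def created_epoch(field):
    """Field 6 is epoch seconds, or ISO 8601 basic format (detected by the 'T')."""
    if "T" in field:
        dt = datetime.strptime(field, "%Y%m%dT%H%M%S")
        return int(dt.replace(tzinfo=timezone.utc).timestamp())
    return int(field)

def weak_rsa_keys(colon_listing, spec):
    """Return (keyid, bits, created) for RSA keys created on/after the cutoff
    whose length is below the minimum. Older keys are left alone."""
    min_bits, cutoff = parse_policy(spec)
    hits = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        # Fields: 1 record type, 3 key length, 4 algorithm, 5 key id, 6 creation
        if len(f) < 6 or f[0] not in ("pub", "sub") or f[3] not in RSA_ALGOS:
            continue
        if not f[5]:
            continue  # no creation date recorded, nothing to compare
        bits, created = int(f[2]), created_epoch(f[5])
        if created >= cutoff and bits < min_bits:
            hits.append((f[4], bits, created))
    return hits

# Constructed sample listing (key ids are placeholders, not real keys).
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1672531200:::u:::scESC::::::23::0:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1706745600::::::e::::::23:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1706745600:::u:::scESC::::::23::0:
pub:u:255:22:CCCCCCCCCCCCCCC1:1706745600:::u:::scESC:::::ed25519:::0:
pub:u:2048:1:DDDDDDDDDDDDDDD1:20240301T000000:::u:::scESC::::::23::0:
"""

if __name__ == "__main__":
    for keyid, bits, created in weak_rsa_keys(SAMPLE, "3072/20240101"):
        day = datetime.fromtimestamp(created, timezone.utc).date()
        print(f"{keyid}: rsa{bits} created {day} is below the minimum")
```

The cutoff parsed from `20240101` is the same epoch value, 1704067200, that the config snippet above compares against.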