Page MenuHome GnuPG
Create Task
Maniphest T6329

Extend --min-rsa-length by a start date
Closed, WontfixPublic
Actions

Description

It might be useful to limit the --min-rsa-length by a start date computed from the creation date of the key.

Related Objects

Event Timeline

werner triaged this task as Normal priority.Jan 3 2023, 2:40 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
aheinecke added a subscriber: aheinecke.Jan 3 2023, 3:51 PM

I see the use to have an option to have a stricter "min-rsa-length", and which will be useful even in the future e.g. for 4096.

But I think an additional date parameter there would overly complicate things. As for RSA-2048 deprecation with a start date by creation date, I think we can directly implement that when compliance de-vs is set and not depending on an option as I would see this as a hard compliance requirement.

werner added a comment.Jan 4 2023, 10:58 AM

We can simply change the arg type from number to string and use a value like 3072/20240101

werner closed this task as Wontfix.Jan 6 2023, 10:35 AM
werner claimed this task.

It turned out that this does not make much sense.

Note that it is already possible to restrict the required RSA size in de-vs mode using the config file:

# From 2024-01-01 on we require at least rsa3000
[if $_epoch >= 1704067200 ]
   min-rsa-length 3000
[fi]
werner mentioned this in T6325: Kleopatra: Prevent OpenPGP Cert and CSR creation for RSA-2048 in de-vs mode.Jan 10 2023, 12:11 PM
werner edited projects, added gnupg; removed Restricted Project, gnupg22.Sep 7 2023, 11:05 AM