Page MenuHome GnuPG
Create Task
Maniphest T8056

Support config options RSAKeySizes and PGPKeyType for Kf6
Testing, NormalPublic
Actions

Description

The config options RSAKeySizes and PGPKeyType need to be re-implemented.

For more details see the corresponding Ticket for Kf5 T7674: Kleopatra: Restore behavior of RSAKeySizes and PGPKeyType

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOa6c8962a9e1a Re-add support for legacy settings PGPKeyType and RSAKeySizes
rLIBKLEO2e1867d75546 Add support for CMS to algorithm helpers
rKLEOPATRA Kleopatra
rKLEOPATRAb9fa02ba2216 Use extended helper to get compliant algorithms for CMS

Related Objects

Event Timeline

ebo triaged this task as Normal priority.Jan 26 2026, 2:28 PM
ebo created this task.
ebo created this object with edit policy "Contributor (Project)".
ikloecker claimed this task.Feb 9 2026, 11:27 AM
ikloecker moved this task from Backlog to WIP on the gpd5x board.
ikloecker added a commit: rLIBKLEO2e1867d75546: Add support for CMS to algorithm helpers.Feb 10 2026, 5:17 PM
ikloecker added a commit: rLIBKLEOa6c8962a9e1a: Re-add support for legacy settings PGPKeyType and RSAKeySizes.
ikloecker added a commit: rKLEOPATRAb9fa02ba2216: Use extended helper to get compliant algorithms for CMS.Feb 10 2026, 5:22 PM
ikloecker changed the task status from Open to Testing.Feb 11 2026, 10:51 AM

The settings should work again. They are described at https://docs.kde.org/trunk_kf6/en/kleopatra/kleopatra/admin.html#admin-certificate-request-wizard-keys , but note that the documentation is severely outdated. Note that those settings are not officially supported by GnuPG (VS-)Desktop (see https://gnupg.com/vsd/kleopatra-settings.html).

For PGPKeyType the only accepted value is "RSA" (case insensitive). If this setting is set to "RSA" then only RSA keys can be generated with Kleopatra.

For RSAKeySizes the only supported values are 2048, 3072, 4096. The default can be indicated by prefixing the value with - (ASCII hyphen/minus sign). If this setting is set then PGPKeyType is implicitly assumed to be "RSA".

If de-vs compliance is enforced then only compliant algorithms are allowed, i.e. rsa2048 won't be allowed even if listed in RSAKeySizes. If only 2048 is set with RSAKeySizes then Kleopatra VSD will ignore this setting and allow all compliant algorithms.

ikloecker mentioned this in Unknown Object (Maniphest Task).Mon, Feb 23, 9:00 AM
ebo moved this task from WIP to QA on the gpd5x board.Thu, Feb 26, 2:33 PM
ikloecker mentioned this in T8138: Kleopatra: Key generation fails with "unkown elliptic curve".Mon, Mar 2, 10:42 AM
timegrid moved this task from QA to Done on the gpd5x board.Wed, Mar 4, 5:47 PM
timegrid added a subscriber: timegrid.

Looks good to me on gpg4win-5.0.2-beta2 @ win11:

  • PGPKeyType=RSA

  • RSAKeySizes=2048,-4096

  • RSAKeySizes=2048,-4096 + de_vs compliance

  • RSAKeySizes=-2048 + de_vs compliance

Note: Ticket for the outdated handbook (in this state I'd rather just remove the link): T7895: Kleopatra: Handbook outdated

timegrid moved this task from Done to gpd-5.0.2 on the gpd5x board.Wed, Mar 4, 5:48 PM
timegrid edited projects, added gpd5x (gpd-5.0.2); removed gpd5x.