Re: [EXT] Best practices for obtaining a new GPG certificate
Hi David,

when Gentoo switched to requiring gpg-signed git commits and pushes, we put
some thought into requirements and best practices. Minus the Gentoo-specific
parts, this is probably good reading:

https://www.gentoo.org/glep/glep-0063.html
https://wiki.gentoo.org/wiki/Project:Infrastructure/
Generating_GLEP_63_based_OpenPGP_keys

Best,
Andreas

On Thursday, 18 March 2021, 05:06:24 CET, David Mehler via Gnupg-users
wrote:
> Hello,
>
> My existing GPG certificate is going to expire in less than a month.
> I'd like to know current best practices for obtaining a new one? In
> particular I'm looking for the best protocol and strength for a
> security not a performance stance. The certificate will mainly be used
> for verifying and signing sent messages, and tagging git commits on
> personal servers. Devices used will be Windows 10 pcs and tablets and
> Android (version 10 and 11) phones and tablets.
> Suggestions welcome.
> Thanks.
> Dave.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


--
PD Dr. Andreas K. Huettel
Institute for Experimental and Applied Physics
University of Regensburg
93040 Regensburg
Germany

tel. +49 151 241 67748 (mobile)
tel. +49 941 943 1618 (office)
fax +49 941 943 3196
e-mail andreas.huettel@ur.de
http://www.akhuettel.de/
Re: [EXT] Best practices for obtaining a new GPG certificate
On 3/18/2021 10:21 AM, Andreas K. Huettel wrote:
> Hi David,
>
> when Gentoo switched to requiring gpg-signed git commits and pushes, we put
> some thought into requirements and best practices. Minus the Gentoo-specific
> parts, this is probably good reading:
>
> https://www.gentoo.org/glep/glep-0063.html
> https://wiki.gentoo.org/wiki/Project:Infrastructure/
> Generating_GLEP_63_based_OpenPGP_keys
>

On the pages, I get 'There is currently no text in this page. You can
search for this page title in other pages, or ...'.
Am I missing something?

--
John Doe

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [EXT] Best practices for obtaining a new GPG certificate
https://www.gentoo.org/glep/glep-0063.html
https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys

> On the pages, I get 'There is currently no text in this page. You can
> search for this page title in other pages, or ...'.
> Am I missing something?

Only that kmail insisted on breaking the link... let's hope it doesn't this time.

(Not every mail client implements flowing text correctly, which is why having the client insert line breaks is the safer variant for readability. However...)

Re: [EXT] Best practices for obtaining a new GPG certificate
On 3/18/2021 2:39 PM, Andreas K. Huettel wrote:
> https://www.gentoo.org/glep/glep-0063.html
> https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys
>

Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about
a default of '2048' but in the latest (2.2.17) release of GPG it looks
like the default is now '3072':

gpg --expert --full-gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)


Am I missing something?


1) https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
John Doe

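As an added example (not code from the thread or from GnuPG), here is a small Python audit that parses the machine-readable `gpg --list-keys --with-colons` output and flags the two problems the thread is about: RSA keys below the rsa3072 default quoted above, and keys with no expiry or an expiry within 30 days, as in the OP's situation. The sample listing, the 3072-bit floor and the 30-day window are constructed assumptions, not GnuPG or GLEP 63 rules.

```python
"""Audit a GnuPG keyring listing against a minimal key-strength policy.

Added example, not from the thread or from GnuPG. Parses the output of
`gpg --list-keys --with-colons` (field layout documented in GnuPG's
doc/DETAILS). The listing below is constructed sample data.
"""
from __future__ import annotations

# Policy thresholds: assumptions for this example, not GnuPG or GLEP 63 rules.
MIN_RSA_BITS = 3072               # matches the GnuPG 2.2.22 default
EXPIRY_WARN_SECONDS = 30 * 86400  # warn when a key expires within 30 days

RSA_ALGOS = {1, 2, 3}             # OpenPGP ids: RSA, RSA-E, RSA-S
ECC_ALGOS = {18, 19, 22}          # ECDH, ECDSA, EdDSA

# Constructed listing: an old RSA-2048 key expiring soon and a new ed25519 key
# whose encryption subkey was created without an expiry date.
SAMPLE_LISTING = """\
tru::1:1616000000:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:1550000000:1617500000::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1550000000::0000000000000000000000000000000000000000::Old Key <old@example.test>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1550000000:1617500000:::::e::::::23:
pub:u:255:22:1122334455667788:1616000000:1700000000::u:::scESC:::::ed25519:::0:
uid:u::::1616000000::1111111111111111111111111111111111111111::New Key <new@example.test>::::::::::0:
sub:u:256:18:8877665544332211:1616000000::::::e:::::cv25519::
"""


def audit_keyring(listing: str, now: int) -> list[tuple[str, str]]:
    """Return (key id, finding) pairs for every pub/sub record that violates policy."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue                      # skip tru/fpr/uid records
        bits, algo, keyid = int(fields[2]), int(fields[3]), fields[4]
        expiry = fields[6]                # seconds since epoch, or empty if none
        if algo in RSA_ALGOS and bits < MIN_RSA_BITS:
            findings.append((keyid, f"RSA-{bits} is below {MIN_RSA_BITS} bits"))
        elif algo not in RSA_ALGOS | ECC_ALGOS:
            findings.append((keyid, f"algorithm id {algo} is not RSA or ECC"))
        if not expiry:
            findings.append((keyid, "no expiry date set"))
        elif int(expiry) - now < EXPIRY_WARN_SECONDS:
            findings.append((keyid, "expires within 30 days"))
    return findings


if __name__ == "__main__":
    for keyid, msg in audit_keyring(SAMPLE_LISTING, now=1616000000):
        print(f"{keyid}: {msg}")
```

On a real keyring, feed it `subprocess.run(["gpg", "--list-keys", "--with-colons"], capture_output=True, text=True).stdout` and `int(time.time())` instead of the constructed values.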
Re: [EXT] Best practices for obtaining a new GPG certificate
On 2021-03-18 at 15:15 +0100, john doe via Gnupg-users wrote:
> Reading the URLs given by the OP, I see that the GPG FAQ (1) talks
> about a default of '2048' but in the latest (2.2.17) release of GPG
> it looks like the default is now '3072':
> What keysize do you want? (3072)
>
>
> Am I missing something?
>
> 1) https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096


The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072
as the default size for RSA.

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=909fbca19678e6e36968607e8a2348381da39d8c


Re: [EXT] Best practices for obtaining a new GPG certificate
> Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about
> a default of '2048' but in the latest (2.2.17) release of GPG it looks
> like the default is now '3072':

Yep.

[puts on maintainer hat]

The last time I suggested revisions to that text there was no community
consensus on what should replace it. Each proposed replacement met
significant criticism.

My current plan is to wait until GnuPG 2.3 is released and then update
the FAQ to reflect those changes, and hope that by that time there's
community consensus to support the changes.

The FAQ isn't being ignored. I'd like to do a total overhaul of it.
However, the FAQ isn't meant to be my opinions and rants: it's meant to
be *the community's* voice. So I'm kind of dependent on the mailing
list for support.

[takes off maintainer hat]

Re: [EXT] Best practices for obtaining a new GPG certificate
On Fri, 19 Mar 2021 01:50, Ángel said:

> The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072
> as the default size for RSA.

Actually 7 months:

Noteworthy changes in version 2.2.22 (2020-08-27)
-------------------------------------------------

* gpg: Change the default key algorithm to rsa3072.


But some Linux distributions changed it earlier.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: [EXT] Best practices for obtaining a new GPG certificate
On Friday, 19 March 2021, 08:24:53, Werner Koch via Gnupg-users wrote:
> On Fri, 19 Mar 2021 01:50, Ángel said:
> > The FAQ is outdated. GnuPG was indeed updated some years ago to use 3072
> > as the default size for RSA.
>
> Actually 7 months:
> Noteworthy changes in version 2.2.22 (2020-08-27)
> -------------------------------------------------
> * gpg: Change the default key algorithm to rsa3072.
> But some Linux distributions changed it earlier.

https://wiki.gnupg.org/LargeKeys is the wiki page to catch some of the
arguments leading to the recommendations. It could use some more updates
for the upcoming future default.


--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner