[Cryptography] Future GPG/PGP

Michael Kjörling michael at kjorling.se
Tue Sep 29 17:18:57 EDT 2015

On 28 Sep 2015 19:38 -0500, from moonpunter at gmail.com (phm):
> What, if any, efforts have been initiated to replace GPG? I'm very
> interested to know. I understand that RSA 4096 is much more than "pretty
> good," but I'm also sure that folks are forever working on such tools.

You don't need a replacement for GnuPG to go beyond 4096-bit RSA, even
if we limit the discussion to implementations of OpenPGP. In fact, RFC
4880 § 15 explicitly says:

> * OpenPGP does not put limits on the size of public keys. However,
>   larger keys are not necessarily better keys. Larger keys take more
>   computation time to use, and this can quickly become impractical.
>   Different OpenPGP implementations may also use different upper
>   bounds for public key sizes, and so care should be taken when
>   choosing sizes to maintain interoperability. As of 2007 most
>   implementations have an upper bound of 4096 bits.

and RFC 4880 § 13.5 says:

> An implementation SHOULD NOT implement RSA keys of size less than
> 1024 bits.

Plain GnuPG (the implementation) already supports two sets of
asymmetric encryption algorithms: RSA/RSA and DH/DSS. I doubt that
adding a third would require any major architectural changes, although
it obviously would require writing the code to implement that
additional algorithm or set of algorithms.

The maximum key length is almost certainly not more than a constant
set somewhere, intended primarily to ensure your average user doesn't
pick obscene key lengths like a 64k bit RSA modulus. Maximum
asymmetric key lengths in the PGP family have increased over time; I
recall reading somewhere that PGP 1.x only supported a maximum of 384
bits of RSA, and I distinctly remember PGP 2.6.2i topping out at 2047
bits (not 2048, due to a bug). I think PGP 5.0 was the version that
raised the maximum to a 4096 bit modulus in the case of RSA.

(Just because I could, when I replaced a SSH connection key recently,
I went with a 6144 bit modulus. Neither system involved is
particularly underpowered by modern standards, but the SSH
authentication using that key is _noticably_ slow.)

Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

More information about the cryptography mailing list