From 909fbca19678e6e36968607e8a2348381da39d8c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 7 Sep 2017 18:41:10 -0400 Subject: gpg: default to 3072-bit RSA keys. * agent/command.c (hlp_genkey): update help text to suggest the use of 3072 bits. * doc/wks.texi: Make example match default generation. * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, (gen_rsa, get_keysize_range): update default from 2048 to 3072). * g10/keyid.c (pubkey_string): update comment so that first example is the default 3072-bit RSA. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch --- g10/keyid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'g10/keyid.c') diff --git a/g10/keyid.c b/g10/keyid.c index d733156f8..c519bc581 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -73,7 +73,7 @@ pubkey_letter( int algo ) is copied to the supplied buffer up a length of BUFSIZE-1. Examples for the output are: - "rsa2048" - RSA with 2048 bit + "rsa3072" - RSA with 3072 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". @@ -83,7 +83,7 @@ pubkey_letter( int algo ) If the option --legacy-list-mode is active, the output use the legacy format: - "2048R" - RSA with 2048 bit + "3072R" - RSA with 3072 bit "1024g" - Elgamal with 1024 bit "256E" - ECDSA using a curve with 256 bit -- cgit v1.2.3