From: 1PW <1PW@INVALID.net>
Newsgroups: comp.security.pgp.tech,alt.security.pgp
Subject: Re: gnupg2 modified to generate 16384 bits RSA key
Date: Thu, 19 May 2011 12:31:19 -0700

On 5/18/2011 3:29 PM, Anne Onime wrote:
> I wanted to generate the RSA gnupg key with length of 16384 bits.
> Previously it was sufficient to increase the maximum key length:
>
> --- gnupg2-2.0.17.orig/g10/keygen.c > +++ gnupg2-2.0.17/g10/keygen.c > @@ -1774,7 +1774,7 @@ ask_algo (int addmode, int *r_subkey_alg > static unsigned > ask_keysize (int algo, unsigned int primary_keysize) > { > - unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; > + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=16384; > int for_subkey = !!primary_keysize; > int autocomp = 0;
>
> Now it appears, that the above modification is not sufficient.
> Generation of key ends with out of memory error.
> To successfully generate the 16k bit RSA key one needs to increase
> amount of allocated "secure memory":
>
> --- gnupg2-2.0.17.orig/g10/gpg.c > +++ gnupg2-2.0.17/g10/gpg.c
> @@ -2050,7 +2050,7 @@ main (int argc, char **argv) > #endif > > /* Initialize the secure memory. */ > - if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0)) > + if (!gcry_control (GCRYCTL_INIT_SECMEM, 65536, 0)) > got_secmem = 1; > #if defined(HAVE_GETUID) && defined(HAVE_GETEUID) > /* There should be no way to get to this spot while still carrying
>
> After above modifications I was able to successfully generate 16384 bits RSA
> key.

As this has all the outward appearances of a friendly enhancement, I hope you have considered requesting this be included in future official updates by "The GnuPG Team".
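Review bot: In the keygen.c hunk, `max=16384` is set in the declaration at the top of `ask_keysize`, before `algo` is looked at, so from these lines the higher ceiling is not visibly limited to RSA, which is the only case the post is about. The bare literal also carries no hint that it depends on the secure memory pool size in gpg.c; by the poster's own account, this hunk applied alone ends in an out of memory error during generation. Suggest a named constant with a comment that points at the matching pool size, and a check that the raised limit is only reachable for the algorithm it is meant for.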
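Review bot: In the gpg.c hunk, the pool size passed to `gcry_control (GCRYCTL_INIT_SECMEM, 65536, 0)` is a hard-coded literal with no comment explaining why it was doubled or which key size it is sized for, so the coupling to the `max` value in `ask_keysize` is invisible to the next person who touches either file. The call sits in `main`, so every invocation requests the larger pool, not only key generation, and on failure `got_secmem` simply stays unset. Suggest deriving the figure from a shared constant or at least documenting it next to "Initialize the secure memory", and confirming that the larger request still succeeds in environments where the 32768 one did.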