projects / gnupg2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96ca361) | patch
gpg: default to 3072-bit RSA keys.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 7 Sep 2017 22:41:10 +0000 (18:41 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 15 Dec 2018 01:17:16 +0000 (01:17 +0000)
commit1f1fc6c2aecc74174b9a2021549eb0d81a59b873
tree0d3733033c48ac6934b6d6da5aeff1c1269a0708tree | snapshot
parent96ca361e6888342b071fb2b785090c429163f0d3commit | diff
gpg: default to 3072-bit RSA keys.

* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c)

Gbp-Pq: Topic from-master
Gbp-Pq: Name gpg-default-to-3072-bit-RSA-keys.patch
agent/command.c diff | blob | history
doc/wks.texi diff | blob | history
g10/keygen.c diff | blob | history
g10/keyid.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.