gpg: default to 3072-bit RSA keys.

* agent/command.c (hlp_genkey): update help text to suggest the use of 3072 bits. * doc/wks.texi: Make example match default generation. * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, (gen_rsa, get_keysize_range): update default from 2048 to 3072). * g10/keyid.c (pubkey_string): update comment so that first example is the default 3072-bit RSA. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> (cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) Gbp-Pq: Topic from-master Gbp-Pq: Name gpg-default-to-3072-bit-RSA-keys.patch
2017-09-07 18:41:10 -04:00 · 2017-09-07 18:41:10 -04:00 · 848046808c
parent a299be0cfe
commit 848046808c
4 changed files with 9 additions and 10 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -843,7 +843,7 @@ static const char hlp_genkey[] =
  "\n"
  "  C: GENKEY\n"
  "  S: INQUIRE KEYPARAM\n"
-  "  C: D (genkey (rsa (nbits  2048)))\n"
+  "  C: D (genkey (rsa (nbits 3072)))\n"
  "  C: END\n"
  "  S: D (public-key\n"
  "  S: D   (rsa (n 326487324683264) (e 10001)))\n"
--- a/doc/wks.texi
+++ b/doc/wks.texi
@ -412,10 +412,10 @@ the submission address:
 The output of the last command looks similar to this:

@example
-  sec   rsa2048 2016-08-30 [SC]
+  sec   rsa3072 2016-08-30 [SC]
        C0FCF8642D830C53246211400346653590B3795B
  uid           [ultimate] key-submission@@example.net
-  ssb   rsa2048 2016-08-30 [E]
+  ssb   rsa3072 2016-08-30 [E]
@end example

 Take the fingerprint from that output and manually publish the key:
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -46,11 +46,10 @@
 #include "../common/mbox-util.h"


-/* The default algorithms.  If you change them remember to change them
-   also in gpg.c:gpgconf_list.  You should also check that the value
+/* The default algorithms.  If you change them, you should ensure the value
   is inside the bounds enforced by ask_keysize and gen_xxx.  See also
   get_keysize_range which encodes the allowed ranges.  */
-#define DEFAULT_STD_KEY_PARAM  "rsa2048/cert,sign+rsa2048/encr"
+#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"

 /* When generating keys using the streamlined key generation dialog,
@ -1653,7 +1652,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,

  if (nbits < 1024)
    {
-      nbits = 2048;
+      nbits = 3072;
      log_info (_("keysize invalid; using %u bits\n"), nbits );
    }
  else if (nbits > maxsize)
@ -2264,7 +2263,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max)
    default:
      *min = opt.compliance == CO_DE_VS ? 2048: 1024;
      *max = 4096;
-      def = 2048;
+      def = 3072;
      break;
    }

--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -73,7 +73,7 @@ pubkey_letter( int algo )
   is copied to the supplied buffer up a length of BUFSIZE-1.
   Examples for the output are:

-   "rsa2048"  - RSA with 2048 bit
+   "rsa3072"  - RSA with 3072 bit
   "elg1024"  - Elgamal with 1024 bit
   "ed25519"  - ECC using the curve Ed25519.
   "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
@ -83,7 +83,7 @@ pubkey_letter( int algo )
   If the option --legacy-list-mode is active, the output use the
   legacy format:

-   "2048R" - RSA with 2048 bit
+   "3072R" - RSA with 3072 bit
   "1024g" - Elgamal with 1024 bit
   "256E"  - ECDSA using a curve with 256 bit