gpg: Add build and runtime support for larger RSA keys

* configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2025-07-02 22:46:30 +02:00 · 2014-10-03 12:01:11 -04:00 · 2014-10-03 12:01:11 -04:00 · 534e2876ac
commit 534e2876ac
parent 2889a70c10
5 changed files with 50 additions and 3 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1104,6 +1104,15 @@ the opposite meaning. The options are:
  validation. This option is only meaningful if pka-lookups is set.
@end table

+@item --enable-large-rsa
+@itemx --disable-large-rsa
+@opindex enable-large-rsa
+@opindex disable-large-rsa
+With --gen-key and --batch, enable the creation of larger RSA secret
+keys than is generally recommended (up to 8192 bits).  These large
+keys are more expensive to use, and their signatures and
+certifications are also larger.
+
@item --enable-dsa2
@itemx --disable-dsa2
@opindex enable-dsa2