gpg: default to 3072-bit RSA keys.

* agent/command.c (hlp_genkey): update help text to suggest the use of 3072 bits. * doc/wks.texi: Make example match default generation. * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, (gen_rsa, get_keysize_range): update default from 2048 to 3072). * g10/keyid.c (pubkey_string): update comment so that first example is the default 3072-bit RSA. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
2025-07-03 22:56:33 +02:00 · 2017-09-07 18:41:10 -04:00 · 2017-09-07 18:41:10 -04:00 · 909fbca196
commit 909fbca196
parent 7955262151
4 changed files with 9 additions and 10 deletions
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -73,7 +73,7 @@ pubkey_letter( int algo )
   is copied to the supplied buffer up a length of BUFSIZE-1.
   Examples for the output are:

-   "rsa2048"  - RSA with 2048 bit
+   "rsa3072"  - RSA with 3072 bit
   "elg1024"  - Elgamal with 1024 bit
   "ed25519"  - ECC using the curve Ed25519.
   "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
@ -83,7 +83,7 @@ pubkey_letter( int algo )
   If the option --legacy-list-mode is active, the output use the
   legacy format:

-   "2048R" - RSA with 2048 bit
+   "3072R" - RSA with 3072 bit
   "1024g" - Elgamal with 1024 bit
   "256E"  - ECDSA using a curve with 256 bit