* keygen.c (ask_keysize): Change strings to always use %u instead of

hardcoding key sizes.  Bump default to 2048.  Bump minimum down to 512,
where possible, but require --expert to get there.  DSA is always 1024
unless --expert is given.

g10/ChangeLog

@@ -1,3 +1,10 @@
+2004-12-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* keygen.c (ask_keysize): Change strings to always use %u instead
+	of hardcoding key sizes.  Bump default to 2048.  Bump minimum down
+	to 512, where possible, but require --expert to get there.  DSA is
+	always 1024 unless --expert is given.
+
 2004-11-29  David Shaw  <dshaw@jabberwocky.com>
 
 	* getkey.c (parse_key_usage): New function to parse out key usage

g10/keygen.c

@@ -1402,69 +1402,74 @@ ask_algo (int addmode, unsigned int *r_usage)
 static unsigned
 ask_keysize( int algo )
 {
-    char *answer;
+  unsigned nbits,min,def=2048,max=4096;
-    unsigned nbits;
 
-    if (algo != PUBKEY_ALGO_DSA && algo != PUBKEY_ALGO_RSA) {
+  if(opt.expert)
-        tty_printf (_("About to generate a new %s keypair.\n"
+    min=512;
-                      "              minimum keysize is  768 bits\n"
+  else
-                      "              default keysize is 1024 bits\n"
+    min=1024;
-                      "    highest suggested keysize is 2048 bits\n"),
+
-                    pubkey_algo_to_string(algo) );
+  switch(algo)
+    {
+    case PUBKEY_ALGO_DSA:
+      if(opt.expert)
+	{
+	  def=1024;
+	  max=1024;
+	}
+      else
+	{
+	  tty_printf(_("DSA keypair will have %u bits.\n"),1024);
+	  return 1024;
+	}
+      break;
+
+    case PUBKEY_ALGO_RSA:
+      min=1024;
+      break;
     }
 
-    for(;;) {
+  tty_printf(_("%s keys may be between %u and %u bits long.\n"),
-	answer = cpr_get("keygen.size",
+	     pubkey_algo_to_string(algo),min,max);
-			  _("What keysize do you want? (1024) "));
+
-	cpr_kill_prompt();
+  for(;;)
-	nbits = *answer? atoi(answer): 1024;
+    {
-	m_free(answer);
+      char *prompt,*answer;
-	if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
+
-	    tty_printf(_("DSA only allows keysizes from 512 to 1024\n"));
+#define PROMPTSTRING _("What keysize do you want? (%u) ")
-	else if( algo == PUBKEY_ALGO_RSA && nbits < 1024 )
+
-	    tty_printf(_("keysize too small;"
+      prompt=m_alloc(strlen(PROMPTSTRING)+20);
-			 " 1024 is smallest value allowed for RSA.\n"));
+      sprintf(prompt,PROMPTSTRING,def);
-	else if( nbits < 768 )
+
-	    tty_printf(_("keysize too small;"
+#undef PROMPTSTRING
-			 " 768 is smallest value allowed.\n"));
+
-	else if( nbits > 4096 ) {
+      answer = cpr_get("keygen.size",prompt);
-	    /* It is ridiculous and an annoyance to use larger key sizes!
+      cpr_kill_prompt();
-	     * GnuPG can handle much larger sizes; but it takes an eternity
+      nbits = *answer? atoi(answer): def;
-	     * to create such a key (but less than the time the Sirius
+      m_free(prompt);
-	     * Computer Corporation needs to process one of the usual
+      m_free(answer);
-	     * complaints) and {de,en}cryption although needs some time.
+      
-	     * So, before you complain about this limitation, I suggest that
+      if(nbits<min || nbits>max)
-	     * you start a discussion with Marvin about this theme and then
+	tty_printf(_("%s keysizes must be in the range %u-%u\n"),
-	     * do whatever you want. */
+		   pubkey_algo_to_string(algo),min,max);
-	    tty_printf(_("keysize too large; %d is largest value allowed.\n"),
+      else
-									 4096);
+	break;
-	}
-	else if( nbits > 2048 && !cpr_enabled() ) {
-	    tty_printf(
-		_("Keysizes larger than 2048 are not suggested because\n"
-		  "computations take REALLY long!\n"));
-	    if( cpr_get_answer_is_yes("keygen.size.huge.okay",_(
-			"Are you sure that you want this keysize? (y/N) ")) )
-	      {
-		tty_printf(_("Okay, but keep in mind that your monitor "
-			     "and keyboard radiation is also very vulnerable "
-			     "to attacks!\n"));
-		break;
-	      }
-	}
-	else
-	    break;
     }
-    tty_printf(_("Requested keysize is %u bits\n"), nbits );
+
-    if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) {
+  tty_printf(_("Requested keysize is %u bits\n"), nbits );
-	nbits = ((nbits + 63) / 64) * 64;
+
-	tty_printf(_("rounded up to %u bits\n"), nbits );
+  if( algo == PUBKEY_ALGO_DSA && (nbits % 64) )
+    {
+      nbits = ((nbits + 63) / 64) * 64;
+      tty_printf(_("rounded up to %u bits\n"), nbits );
     }
-    else if( (nbits % 32) ) {
+  else if( (nbits % 32) )
-	nbits = ((nbits + 31) / 32) * 32;
+    {
-	tty_printf(_("rounded up to %u bits\n"), nbits );
+      nbits = ((nbits + 31) / 32) * 32;
+      tty_printf(_("rounded up to %u bits\n"), nbits );
     }
-    return nbits;
+
+  return nbits;
 }
 
 
@@ -2487,7 +2492,7 @@ generate_keypair (const char *fname, const char *card_serialno,
           sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
           r->next = para;
           para = r;
-          tty_printf(_("DSA keypair will have 1024 bits.\n"));
+          tty_printf(_("DSA keypair will have %u bits.\n"),1024);
           r = m_alloc_clear( sizeof *r + 20 );
           r->key = pKEYLENGTH;
           strcpy( r->u.value, "1024" );