[imp] Re: Horde3.0.3/IMP4.0.2: PGP/GPG

Aleksandar Milivojevic amilivojevic at pbl.ca
Wed Mar 2 07:13:21 PST 2005


Jan Schneider wrote:
> Quoting Anton Köstlbacher <horde3 at dingsbums.org>:
> 
>>Hello Horde3-Team,
>>I have a few little problems using the pgp/gpg-functionality in
>>the new Horde3.0.3/IMP4.0.2. If I choose to generate a new
>>keypair with a key length of 2048 bits I find the following
>>output in my apache error_log:
>>
>>  gpg: keysize invalid; using 1024 bits
> 
> Seems to be a limit of your GPG version.

I don't remember any such (low) limits on key sizes in any version of 
GPG (or PGP).

Most likely, what is happening is that he is generating the default key 
type, which is DSA for the main key (used for signing only) and ElGamal for 
the secondary key (used for encryption only).  The DSA key type is limited 
to 1024 bits (nothing to do with GPG/PGP, it is a limitation of that key 
type).  ElGamal keys can be up to 4096 bits long.  The only software 
limitation that GPG has is preventing users from generating keys longer than 
4096 bits, even if the key type supports it.  This is because cracking a 2048 
bit key would be way more expensive and complicated than some other 
means of getting the information without cracking the key at all.  I 
have one 4096 bit key that I almost never use (and if I knew back then 
when I created it what I know now, I would create it as a 2048 bit key).

Most likely, the problem is with how IMP interacts with GPG.  If it is 
generating default key types, it should leave key length for main key 
(DSA) at its default (1024 bit) and pass user's value for key length as 
parameter for ElGamal (encryption) subkey.

I'd suggest that OP do "gpg --list-secret-keys" on his keyring, and post 
the output for the key IMP generated.  If it says 1024 bits for both 
keys, then IMP should be fixed.  If it says 1024 bits for DSA and 
whatever OP entered for key length for the ElGamal key, the message he found 
in Apache's log file can be safely ignored (however, it would still be 
nice to fix IMP not to attempt using illegal key lengths for the DSA key). 
Basically, IMP should have knowledge of what it is instructing GPG (or 
PGP) to do.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
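
Added example, not part of the original message or of IMP: the check suggested above, applied to the machine-readable form of the listing (`gpg --list-secret-keys --with-colons`) for the one key that was generated. The sample listings and key IDs are constructed, and the function names and verdict strings are hypothetical.

```python
# Colon-format fields used here: 1 = record type (sec = secret primary key,
# ssb = secret subkey), 3 = key length in bits, 4 = OpenPGP algorithm id.
ALGO = {"1": "RSA", "16": "ElGamal", "17": "DSA"}

# Constructed sample: DSA primary at 1024 bits, ElGamal subkey at the
# requested 2048 bits (the case where the log message can be ignored).
SUBKEY_HONOURED = """\
sec:u:1024:17:AAAAAAAAAAAAAAAA:2005-03-02:::u:::scESC:
uid:u::::2005-03-02::::Test User <test@example.org>:
ssb:u:2048:16:BBBBBBBBBBBBBBBB:2005-03-02::::::e:
"""

# Constructed sample: both keys at 1024 bits (the case the post calls a bug).
BOTH_1024 = """\
sec:u:1024:17:CCCCCCCCCCCCCCCC:2005-03-02:::u:::scESC:
uid:u::::2005-03-02::::Test User <test@example.org>:
ssb:u:1024:16:DDDDDDDDDDDDDDDD:2005-03-02::::::e:
"""


def parse_keys(listing):
    """Return [(record, algorithm, bits)] for secret keys and subkeys."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        # Skip uid/fpr records and anything too short or malformed.
        if len(f) < 4 or f[0] not in ("sec", "ssb") or not f[2].isdigit():
            continue
        keys.append((f[0], ALGO.get(f[3], "algo-" + f[3]), int(f[2])))
    return keys


def diagnose(listing, requested_bits):
    """Classify a listing that contains only the newly generated key."""
    subs = [bits for rec, algo, bits in parse_keys(listing)
            if rec == "ssb" and algo == "ElGamal"]
    if not subs:
        return "no-elgamal-subkey"
    if requested_bits in subs:
        return "subkey-ok"          # requested size reached the subkey
    return "subkey-wrong-size"      # requested size was dropped


if __name__ == "__main__":
    for name, text in (("honoured", SUBKEY_HONOURED), ("both-1024", BOTH_1024)):
        print(name, parse_keys(text), diagnose(text, 2048))
```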

