[imp] Re: Horde3.0.3/IMP4.0.2: PGP/GPG

Anton Köstlbacher horde3 at dingsbums.org
Wed Mar 2 08:44:36 PST 2005


Hello all,
this is correct, there is no limitation of the GPG-Version. See the 
output below
(in german, sorry) of GPG, if i generate a new keypair manually.

Could it be possibly a bug in IMP?

Thanks and Greetings,
Anton Köstlbacher

________________________________________________
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Bitte wählen Sie, welche Art von Schlüssel Sie möchten:
   (1) DSA und ElGamal (voreingestellt)
   (2) DSA (nur signieren/beglaubigen)
Ihre Auswahl? 1
Der DSA Schlüssel wird 1024 Bit haben.
Es wird ein neues ELG-E Schlüsselpaar erzeugt.
              kleinste Schlüssellänge ist  768 Bit
              standard Schlüssellänge ist 1024 Bit
      größte sinnvolle Schlüssellänge ist 2048 Bit
Welche Schlüssellänge wünschen Sie? (1024) 2048
Brauchen Sie wirklich einen derartig langen Schlüssel? y
Die verlangte Schlüssellänge beträgt 2048 Bit
________________________________________________

Zitat von Aleksandar Milivojevic <amilivojevic at pbl.ca>:

> Jan Schneider wrote:
>> Zitat von Anton Köstlbacher <horde3 at dingsbums.org>:
>>
>>> Hello Horde3-Team,
>>> i have a few little problems using the pgp/gpg-functionality in
>>> the new Horde3.0.3/IMP4.0.2. If I choose to generate a new
>>> keypair with a Keylength of 2048 bits i find the following
>>> output in my apache error_log:
>>>
>>>  gpg: keysize invalid; using 1024 bits
>>
>> Seems to be a limit of your GPG version.
>
> I don't remember any such (low) limits on key sizes in any version of
> GPG (or PGP).
>
> Most likely, what is happening is that he is generating default key
> type, which is DSA for main key (used for signing only) and ElGamal for
> secondary key (used for encryption only).  DSA key type has limitation
> to 1024 bits (nothing to do with GPG/PGP, it is limitation of that key
> type).  ElGamal keys can be up to 4096 bits long.  The only software
> limitation that GPG has is preventing users to generate keys longer than
> 4096 bits, even if key type supports it.  This is because cracking 2048
> bit key would be way more expensive and complicated than some other
> means of getting the information without cracking the key at all.  I
> have one 4096 bit key that I almost never use (and if I knew back then
> when I created it what I know now, I would create it as 2048 bit key).
>
> Most likely, the problem is with how IMP interacts with GPG.  If it is
> generating default key types, it should leave key length for main key
> (DSA) at its default (1024 bit) and pass user's value for key length as
> parameter for ElGamal (encryption) subkey.
>
> I'd suggest that OP do "gpg --list-secret-keys" on his keyring, and post
> the output for the key IMP generated.  If it says 1024 bits for both
> keys, than IMP should be fixed.  If it says 1024 bits for DSA and
> whatever OP entered for key lenght for ElGamal key, the message he found
> in Apache's log file can be safely ignored (however, it would still be
> nice to fix IMP not to attempt using illegal key lenghts for DSA key).
> Basically, IMP should have a knowledge of what it is instructing GPG (or
> PGP) to do.
>
> --
> Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
> Systems Administrator                           1499 Buffalo Place
> Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
> --
> IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>




More information about the imp mailing list