[imp] Horde3.0.3/IMP4.0.2: PGP/GPG

Jan Schneider jan at horde.org
Mon Apr 25 13:25:58 PDT 2005


Quoting Anton Köstlbacher <horde3 at dingsbums.org>:

> Hello all,
> this is correct, there is no limitation of the GPG version. See the
> output below (in German, sorry) of GPG, if I generate a new keypair
> manually.
>
> Could it possibly be a bug in IMP?

Not in IMP, but in Horde. I've changed the key generation code to use 
1024 bit keys for the primary DSA key.

> ________________________________________________
> gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> Bitte wählen Sie, welche Art von Schlüssel Sie möchten:
>   (1) DSA und ElGamal (voreingestellt)
>   (2) DSA (nur signieren/beglaubigen)
> Ihre Auswahl? 1
> Der DSA Schlüssel wird 1024 Bit haben.
> Es wird ein neues ELG-E Schlüsselpaar erzeugt.
>              kleinste Schlüssellänge ist  768 Bit
>              standard Schlüssellänge ist 1024 Bit
>      größte sinnvolle Schlüssellänge ist 2048 Bit
> Welche Schlüssellänge wünschen Sie? (1024) 2048
> Brauchen Sie wirklich einen derartig langen Schlüssel? y
> Die verlangte Schlüssellänge beträgt 2048 Bit
> ________________________________________________
>
> Quoting Aleksandar Milivojevic <amilivojevic at pbl.ca>:
>
>> Jan Schneider wrote:
>>> Quoting Anton Köstlbacher <horde3 at dingsbums.org>:
>>>
>>>> Hello Horde3-Team,
>>>> I have a few little problems using the pgp/gpg functionality in
>>>> the new Horde3.0.3/IMP4.0.2. If I choose to generate a new
>>>> keypair with a key length of 2048 bits I find the following
>>>> output in my apache error_log:
>>>>
>>>>  gpg: keysize invalid; using 1024 bits
>>>
>>> Seems to be a limit of your GPG version.
>>
>> I don't remember any such (low) limits on key sizes in any version of
>> GPG (or PGP).
>>
>> Most likely, what is happening is that he is generating default key
>> type, which is DSA for main key (used for signing only) and ElGamal for
>> secondary key (used for encryption only).  DSA key type has limitation
>> to 1024 bits (nothing to do with GPG/PGP, it is limitation of that key
>> type).  ElGamal keys can be up to 4096 bits long.  The only software
>> limitation that GPG has is preventing users to generate keys longer than
>> 4096 bits, even if key type supports it.  This is because cracking 2048
>> bit key would be way more expensive and complicated than some other
>> means of getting the information without cracking the key at all.  I
>> have one 4096 bit key that I almost never use (and if I knew back then
>> when I created it what I know now, I would create it as 2048 bit key).
>>
>> Most likely, the problem is with how IMP interacts with GPG.  If it is
>> generating default key types, it should leave key length for main key
>> (DSA) at its default (1024 bit) and pass user's value for key length as
>> parameter for ElGamal (encryption) subkey.
>>
>> I'd suggest that OP do "gpg --list-secret-keys" on his keyring, and post
>> the output for the key IMP generated.  If it says 1024 bits for both
>> keys, then IMP should be fixed.  If it says 1024 bits for DSA and
>> whatever OP entered for key length for ElGamal key, the message he found
>> in Apache's log file can be safely ignored (however, it would still be
>> nice to fix IMP not to attempt using illegal key lengths for DSA key).
>> Basically, IMP should have a knowledge of what it is instructing GPG (or
>> PGP) to do.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
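
The approach discussed in this thread (primary DSA key fixed at 1024 bits, the user's requested length applied only to the ElGamal subkey), as an added example that is not part of the original message and is not Horde's code. It emits a parameter block in GnuPG's unattended key generation format; the helper name `build_keyparams`, the sample identity and the 768 to 4096 range (taken from the figures quoted in the thread) are assumptions.

```shell
#!/bin/sh
# Added example (not Horde code): build a GnuPG unattended key-generation
# parameter block with the key sizes discussed in the thread.
DSA_BITS=1024   # primary DSA key size, as stated in the thread
ELG_MIN=768     # smallest ELG-E size shown in the quoted gpg 1.0.6 output
ELG_MAX=4096    # upper bound mentioned in the thread

# build_keyparams NAME EMAIL REQUESTED_BITS   (hypothetical helper)
# Prints the parameter block on stdout; returns 1 on invalid input.
build_keyparams() {
    name=$1
    email=$2
    bits=$3
    nl='
'
    # The length must be a short plain decimal number without leading zero.
    case $bits in
        ''|*[!0-9]*|0*|?????*)
            echo "invalid key length" >&2; return 1 ;;
    esac
    if [ "$bits" -lt "$ELG_MIN" ] || [ "$bits" -gt "$ELG_MAX" ]; then
        echo "key length out of range" >&2; return 1
    fi
    # Identity fields come from a web form: a newline in them would add
    # extra parameter lines to the block, so reject it.
    case "$name$email" in
        *"$nl"*) echo "newline in identity field" >&2; return 1 ;;
    esac
    # The requested length goes to the encryption subkey only.
    cat <<EOF
Key-Type: DSA
Key-Length: $DSA_BITS
Subkey-Type: ELG-E
Subkey-Length: $bits
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%commit
EOF
}

# Constructed sample input; the result would be saved to a file and
# passed to: gpg --batch --gen-key <file>
build_keyparams "Constructed User" "user@example.org" 2048
```

Passphrase handling is left to the caller. `gpg --list-secret-keys`, as suggested in the thread, shows the sizes that were actually generated.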


