[imp] Horde3.0.3/IMP4.0.2: PGP/GPG
Jan Schneider
jan at horde.org
Mon Apr 25 13:25:58 PDT 2005
Zitat von Anton Köstlbacher <horde3 at dingsbums.org>:
> Hello all,
> this is correct, there is no limitation of the GPG-Version. See the
> output below
> (in german, sorry) of GPG, if i generate a new keypair manually.
>
> Could it be possibly a bug in IMP?
Not in IMP, but in Horde. I've changed the key generation code to use
1024 bit keys for the primary DSA key.
> ________________________________________________
> gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> Bitte wählen Sie, welche Art von Schlüssel Sie möchten:
> (1) DSA und ElGamal (voreingestellt)
> (2) DSA (nur signieren/beglaubigen)
> Ihre Auswahl? 1
> Der DSA Schlüssel wird 1024 Bit haben.
> Es wird ein neues ELG-E Schlüsselpaar erzeugt.
> kleinste Schlüssellänge ist 768 Bit
> standard Schlüssellänge ist 1024 Bit
> größte sinnvolle Schlüssellänge ist 2048 Bit
> Welche Schlüssellänge wünschen Sie? (1024) 2048
> Brauchen Sie wirklich einen derartig langen Schlüssel? y
> Die verlangte Schlüssellänge beträgt 2048 Bit
> ________________________________________________
>
> Zitat von Aleksandar Milivojevic <amilivojevic at pbl.ca>:
>
>> Jan Schneider wrote:
>>> Zitat von Anton Köstlbacher <horde3 at dingsbums.org>:
>>>
>>>> Hello Horde3-Team,
>>>> i have a few little problems using the pgp/gpg-functionality in
>>>> the new Horde3.0.3/IMP4.0.2. If I choose to generate a new
>>>> keypair with a Keylength of 2048 bits i find the following
>>>> output in my apache error_log:
>>>>
>>>> gpg: keysize invalid; using 1024 bits
>>>
>>> Seems to be a limit of your GPG version.
>>
>> I don't remember any such (low) limits on key sizes in any version of
>> GPG (or PGP).
>>
>> Most likely, what is happening is that he is generating default key
>> type, which is DSA for main key (used for signing only) and ElGamal for
>> secondary key (used for encryption only). DSA key type has limitation
>> to 1024 bits (nothing to do with GPG/PGP, it is limitation of that key
>> type). ElGamal keys can be up to 4096 bits long. The only software
>> limitation that GPG has is preventing users to generate keys longer than
>> 4096 bits, even if key type supports it. This is because cracking 2048
>> bit key would be way more expensive and complicated than some other
>> means of getting the information without cracking the key at all. I
>> have one 4096 bit key that I almost never use (and if I knew back then
>> when I created it what I know now, I would create it as 2048 bit key).
>>
>> Most likely, the problem is with how IMP interacts with GPG. If it is
>> generating default key types, it should leave key length for main key
>> (DSA) at its default (1024 bit) and pass user's value for key length as
>> parameter for ElGamal (encryption) subkey.
>>
>> I'd suggest that OP do "gpg --list-secret-keys" on his keyring, and post
>> the output for the key IMP generated. If it says 1024 bits for both
>> keys, than IMP should be fixed. If it says 1024 bits for DSA and
>> whatever OP entered for key lenght for ElGamal key, the message he found
>> in Apache's log file can be safely ignored (however, it would still be
>> nice to fix IMP not to attempt using illegal key lenghts for DSA key).
>> Basically, IMP should have a knowledge of what it is instructing GPG (or
>> PGP) to do.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the imp
mailing list