Just created a brand new OpenPGP key. You will find a copy in the About Me section.
I decided to create a 8k RSA keypair mostly for the following reasons:
- ECC does currently not work in my communication environment.
- I first created a 256 bit ECC keypair but sadly had to find out that only GnuPG >= 2.1 (released end-2014) supports this fully but many people and systems rely on older GnuPG. Disappointingly I made the first real world experiences already before I encrypted a single mail with ECC.
- a 8192 bit RSA key, according to https://www.keylength.com/, provides a good security level for the next 15+ years
The reason for why I prefer a larger key is because OpenPGP – as an email end-to-end encryption standard – does not provide perfect forward secrecy. Since we know that institutions exist, which dumps large part of all Internet traffic, I'd like to provide my communication partners confidentiality beyond a decade!
What crypto parameters uses others?
Always an interesting question while choosing ones own crypto parameters is to have a look what others do. Four crypto researchers I frequently read are Bruce Schneier, Matthew Green, Daniel Bernstein and Mikko Hypponen. While Daniel does not provide any hint to a OpenPGP key the other three choose all slightly different parameters.
Bruce created a 4k RSA key in September 2013 with no expiration date. He uses AES256, AES192, AES, CAST5, 3DES and IDEA as symmetric ciphers and SHA256, SHA1, SHA384, SHA512, SHA224 as hash functions (Compression: ZLIB, BZIP2, ZIP, Uncompressed).
Matthew created a 4k RSA key in June 2013 which expires in mid-2018. He uses AES256, AES192, AES, CAST5 and 3DES as symmetric ciphers and SHA512, SHA384, SHA256, SHA224 and SHA1 as hash functions (Compression: ZLIB, BZIP2, ZIP, Uncompressed).
Mikko created a 4k Elgamal key in September 2013 with no expiration date. He uses AES256, AES192, AES, CAST5, 3DES, IDEA and TWOFISH as symmetric ciphers and SHA256, SHA384, SHA512, RIPEMD160 and SHA1 as hash functions (Compression: Uncompressed, BZIP2, ZLIB, ZIP).
To me the most interesting pattern in these three public key is the fact that all of them created a new key from mid-2013. Coincidence? Probably this is more related to Snowden disclosure about the NSA and its partners…
SHA1 and 3DES
The current OpenPGP specification stats that SHA1 and 3DES are the least common divisor, therefore GnuPG has both ciphers hard coded. While this year the first practical collision on SHA1 was found, 3DES is not broken, but we definitely have more future proof alternatives so one has a legitimate reason to not relay on those ciphers.
Here, one stumbles into a more fundamental problem. From a crypto software implementation perspective there are legitimate concerns about compatibility reasons, since RFC 4880 specifies them. A revision of RFC 4880 is currently in the working queue. According to Werner Koch, the main author behind the RFC and GnuPG, the new draft while be reworked regarding the cipher algorithms.
For now one has to life with those default settings. IMHO the best approach is to offer a communication partner as many as possible good/secure ciphers as possible so she/he has no excuse to fall back to SHA1 and/or 3DES.
To WoT or not to WoT
Because of privacy concerns I decided to not use Web of Trust features in my public key. Of course I sign verified public keys of others but just locally for myself. I will not import signatures of others into my public key.
How I created my new key
This is more a short documentation mostly for myself.
$ gpg --version gpg (GnuPG) 2.1.15 libgcrypt 1.7.6-beta $ gpg --enable-large-rsa --batch --full-gen-key Desktop/params.txt
$ cat Desktop/params.txt Key-Type: RSA Key-Length: 8192 Subkey-Type: RSA Subkey-Length: 8192 Name-Real: <name> Name-Email: <mail> Passphrase: <password> Preferences: S9 S13 S8 S12 S7 S11 S10 H10 H9 H8 Z3 Z2 Z1 %commit
After this I added an additional identity and then choose my preferred ciphers in the new identity. I choose
> setpref S9 S13 S8 S12 S7 S11 S10 H10 H9 H8 Z3 Z2 Z1 which means: AES256, CAMELLIA256, AES192, CAMELLIA192, AES, CAMELLIA128, TWOFISH, SHA512, SHA384, SHA256, BZIP2, ZLIB and ZIP.
RSA keys may be between 1024 and 4096 bits long, really?
If one likes to have a larger RSA key, GnuPG has to be compiled with the
--enable-large-secmem flag. Here a small how to on compiling GnuPG from source with this flag enabled.
$ sudo apt-get install build-essential fakeroot dpkg-dev $ mkdir build-gpg2 $ cd build-gpg2/ $ sudo apt-get source gnupg2 $ sudo apt-get build-dep gnupg2
If the last command does not automatically create a folder called
$ sudo dpkg-source -x gnupg2_2.1.15-1ubuntu7.dsc here to create it and change into it.
Here I'm not quite sure what flag the recompilation really uses, therefore I just created both temporary bash variables:
$ export DEB_BUILD_OPTIONS="--enable-large-secmem" $ export CFLAGS="--enable-large-secmem" $ sudo fakeroot debian/rules binary $ cd .. $ ls -l | grep deb$ $ sudo dpkg -i gnupg_2.1.15-1ubuntu7_amd64.deb
Now you should be able to use the
--enable-large-rsa flag with GnuPG.