Anne Onime
2011-05-18 22:29:17 UTC
I wanted to generate the RSA gnupg key with length of 16384 bits.
Previously it was sufficient to increase the maximum key length:
--- gnupg2-2.0.17.orig/g10/keygen.c
+++ gnupg2-2.0.17/g10/keygen.c
@@ -1774,7 +1774,7 @@ ask_algo (int addmode, int *r_subkey_alg
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=16384;
int for_subkey = !!primary_keysize;
int autocomp = 0;
Now it appears, that the above modification is not sufficient.
Generation of key ends with out of memory error.
To succesfully generate the 16k bit RSA key one needs to increase
amount of allocated "secure memory":
--- gnupg2-2.0.17.orig/g10/gpg.c
+++ gnupg2-2.0.17/g10/gpg.c
@@ -2050,7 +2050,7 @@ main (int argc, char **argv)
#endif
/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 65536, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
After above modifications I was able to successfully generate 16384 bits RSA
key.
Previously it was sufficient to increase the maximum key length:
--- gnupg2-2.0.17.orig/g10/keygen.c
+++ gnupg2-2.0.17/g10/keygen.c
@@ -1774,7 +1774,7 @@ ask_algo (int addmode, int *r_subkey_alg
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=16384;
int for_subkey = !!primary_keysize;
int autocomp = 0;
Now it appears, that the above modification is not sufficient.
Generation of key ends with out of memory error.
To succesfully generate the 16k bit RSA key one needs to increase
amount of allocated "secure memory":
--- gnupg2-2.0.17.orig/g10/gpg.c
+++ gnupg2-2.0.17/g10/gpg.c
@@ -2050,7 +2050,7 @@ main (int argc, char **argv)
#endif
/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 65536, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
After above modifications I was able to successfully generate 16384 bits RSA
key.