1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
Author: Daniel Baumann <daniel.baumann@progress-linux.org>
Subject: gpgsm: default to 4096-bit keys.
diff -Naurp gnupg2.orig/doc/gpgsm.texi gnupg2/doc/gpgsm.texi
--- gnupg2.orig/doc/gpgsm.texi
+++ gnupg2/doc/gpgsm.texi
@@ -1124,7 +1124,7 @@ key. The algorithm must be capable of si
parameter. The only supported value for @var{algo} is @samp{rsa}.
@item Key-Length: @var{nbits}
-The requested length of a generated key in bits. Defaults to 3072.
+The requested length of a generated key in bits. Defaults to 4096.
@item Key-Grip: @var{hexstring}
This is optional and used to generate a CSR or certificate for an
diff -Naurp gnupg2.orig/doc/howto-create-a-server-cert.texi gnupg2/doc/howto-create-a-server-cert.texi
--- gnupg2.orig/doc/howto-create-a-server-cert.texi
+++ gnupg2/doc/howto-create-a-server-cert.texi
@@ -31,12 +31,12 @@ Let's continue:
@cartouche
@example
- What keysize do you want? (3072)
- Requested keysize is 3072 bits
+ What keysize do you want? (4096)
+ Requested keysize is 4096 bits
@end example
@end cartouche
-Hitting enter chooses the default RSA key size of 3072 bits. Keys
+Hitting enter chooses the default RSA key size of 4096 bits. Keys
smaller than 2048 bits are too weak on the modern Internet. If you
choose a larger (stronger) key, your server will need to do more work.
@@ -124,7 +124,7 @@ request:
@example
These parameters are used:
Key-Type: RSA
- Key-Length: 3072
+ Key-Length: 4096
Key-Usage: sign, encrypt
Name-DN: CN=example.com
Name-DNS: example.com
@@ -224,7 +224,7 @@ To see the content of your certificate,
aka: (dns-name example.com)
aka: (dns-name www.example.com)
validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51
- key type: 3072 bit RSA
+ key type: 4096 bit RSA
key usage: digitalSignature keyEncipherment
ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57
diff -Naurp gnupg2.orig/sm/certreqgen.c gnupg2/sm/certreqgen.c
--- gnupg2.orig/sm/certreqgen.c
+++ gnupg2/sm/certreqgen.c
@@ -26,7 +26,7 @@
$ cat >foo <<EOF
%echo Generating a standard key
Key-Type: RSA
- Key-Length: 3072
+ Key-Length: 4096
Name-DN: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Ddorf,C=DE
Name-Email: joe@foo.bar
# Do a commit here, so that we can later print a "done"
@@ -471,7 +471,7 @@ proc_parameters (ctrl_t ctrl, struct par
/* Check the keylength. NOTE: If you change this make sure that it
macthes the gpgconflist item in gpgsm.c */
if (!get_parameter (para, pKEYLENGTH, 0))
- nbits = 3072;
+ nbits = 4096;
else
nbits = get_parameter_uint (para, pKEYLENGTH);
if ((nbits < 1024 || nbits > 4096) && !cardkeyid)
diff -Naurp gnupg2.orig/sm/certreqgen-ui.c gnupg2/sm/certreqgen-ui.c
--- gnupg2.orig/sm/certreqgen-ui.c
+++ gnupg2/sm/certreqgen-ui.c
@@ -138,7 +138,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estre
unsigned int nbits;
int minbits = 1024;
int maxbits = 4096;
- int defbits = 3072;
+ int defbits = 4096;
const char *keyusage;
char *subject_name;
membuf_t mb_email, mb_dns, mb_uri, mb_result;
diff -Naurp gnupg2.orig/sm/gpgsm.c gnupg2/sm/gpgsm.c
--- gnupg2.orig/sm/gpgsm.c
+++ gnupg2/sm/gpgsm.c
@@ -1737,7 +1737,7 @@ main ( int argc, char **argv)
/* The next one is an info only item and should match what
proc_parameters actually implements. */
es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
- "RSA-3072");
+ "RSA-4096");
}
break;
case aGPGConfTest:
|
