From file ChangeLog:

2014-10-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

    gpg: Add build and runtime support for larger RSA keys.
    + commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
    * configure.ac: Added --enable-large-secmem option.
    * g10/options.h: Add opt.flags.large_rsa.
    * g10/gpg.c: Contingent on configure option: adjust secmem size,
    add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
    * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
    * doc/gpg.texi: Document --enable-large-rsa.

Please add this build option to selectable port options.
I like this idea. Does it require both --enable-large-secmem and --enable-large-rsa to be enabled at the same time? Or is just --enable-large-rsa sufficient? Have you tested it out? Does --enable-large-rsa do the right thing?
Created attachment 196194
gnupg_batch_only-2.2.9_2.patch

Hmm.. Turns out, --enable-large-secmem is a configure knob that enables the --enable-large-rsa gpg2 command line option. With --enable-large-rsa, gpg2 is able to generate 8192-bit RSA keys, but only in batch non-interactive mode:

$ cat | ./work/stage/usr/local/bin/gpg2 --batch --generate-key --enable-large-rsa <<EOD
Key-Type: 1
Key-Length: 8192
Name-Real: Joe Tester
Name-Email: joe@foo.bar
Passphrase: abc
EOD

$ gpg -K
sec   rsa8192/0xE777A5ECF0FFEED0 2018-08-14 [SCEA]
      9384623D3A4C6B95CD32ECF9E777A5ECF0FFEED0
uid   [ultimate] Joe Tester <joe@foo.bar>

Attached patch adds a new LARGE_RSA config knob (off by default).
Created attachment 196195
gnupg_interactive-2.2.9_2.patch

Patch to allow selecting 8192-bit keys during interactive key generation (--full-generate-key --enable-large-rsa). This is not officially supported GnuPG behaviour, so I'm not sure if we want to enable this either.
Comment on attachment 196195
gnupg_interactive-2.2.9_2.patch

I'm definitely not adding that interactive patch. If you want that capability, submit it upstream.
A commit references this bug:

Author: adamw
Date: Thu Aug 30 14:45:56 UTC 2018
New revision: 478464
URL: https://svnweb.freebsd.org/changeset/ports/478464

Log:
  Update gnupg to 2.2.10 and add LARGE_RSA option

  The LARGE_RSA option [1] enables 8192-bit keys, though GnuPG's lead author
  does not recommend using it routinely.

  Also, sort OPTIONS, and move an explanation of the SUID option from the
  Makefile into pkg-help, where it belongs.

  Major changes:
    gpg: Refresh expired keys originating from the WKD.
    gpg: Use a 256 KiB limit for a WKD imported key.
    gpg: New option --known-notation.
    scd: Add support for the Trustica Cryptoucan reader.
    agent: Speed up starting during on-demand launching.
    dirmngr: Validate SRV records in WKD queries.

  Release-info: https://dev.gnupg.org/T4112

  PR: 230610 [1]
  Submitted by: Dmitri Goutnik
  Reported by: p5B2E9A8F t online de

Changes:
  head/security/gnupg/Makefile
  head/security/gnupg/distinfo
  head/security/gnupg/pkg-help
I've added the LARGE_RSA patch, but not the interactive patch. Thanks to you both for the work here.