From file ChangeLog:
2014-10-10 Daniel Kahn Gillmor <firstname.lastname@example.org>
gpg: Add build and runtime support for larger RSA keys.
+ commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
Please add this build option to selectable port options.
I like this idea.
Does it require both --enable-large-secmem and --enable-large-rsa to be enabled at the same time? Or is just --enable-large-rsa sufficient?
Have you tested it out? Does --enable-large-rsa do the right thing?
Created attachment 196194 [details]
Hmm.. Turns out, --enable-large-secmem is a configure knob that enables --enable-large-rsa gpg2 command line option. With --enable-large-rsa, gpg2 is able to generate 8192 bit RSA keys but only in batch non-interactive mode:
$ cat | ./work/stage/usr/local/bin/gpg2 --batch --generate-key --enable-large-rsa <<EOD
Name-Real: Joe Tester
$ gpg -K
sec rsa8192/0xE777A5ECF0FFEED0 2018-08-14 [SCEA]
uid [ultimate] Joe Tester <email@example.com>
Attached patch adds a new LARGE_RSA config knob (off by default).
Created attachment 196195 [details]
Patch to allow selecting 8192-bit keys during interactive key generation (--full-generate-key --enable-large-rsa).
This is not officially supported GnuPG behaviour, so I'm not sure if we want to enable this either.
Comment on attachment 196195 [details]
I'm definitely not adding that interactive patch. If you want that capability, submit it upstream.
A commit references this bug:
Date: Thu Aug 30 14:45:56 UTC 2018
New revision: 478464
Update gnupg to 2.2.10 and add LARGE_RSA option
The LARGE_RSA option  enables 8192-bit keys, though GnuPG's lead
author does not recommend using it routinely.
Also, sort OPTIONS, and move an explanation of the SUID option from
the Makefile into pkg-help, where it belongs.
gpg: Refresh expired keys originating from the WKD.
gpg: Use a 256 KiB limit for a WKD imported key.
gpg: New option --known-notation.
scd: Add support for the Trustica Cryptoucan reader.
agent: Speed up starting during on-demand launching.
dirmngr: Validate SRV records in WKD queries.
PR: 230610 
Submitted by: Dmitri Goutnik
Reported by: p5B2E9A8F t online de
I've added the LARGE_RSA patch, but not the interactive patch. Thanks to you both for the work here.