From: Lorenz Hüdepohl Date: 2014-11-27 17:01:07 +0000 Subject: Continue to support existing large RSA keys References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 Upstream: no For RSA keys up to probably 8192 bits it seems to be enough to call configure with the additional options --enable-large-secmem --enable-large-rsa However, there are existing keys out there that are even larger. Werner Koch thinks that it is silly to use keys that are this large. He is probably even right with this, which is why this patch still does not allow to create new keys larger than the set maximum (4096/8192 depending on whether enable-large-rsa is set in gpg.conf). I still want to continue to use my existing 10k bits key, though. --- diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c --- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200 +++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200 @@ -47,7 +47,7 @@ /* Maximum allowed size of the key parameters. */ #define MAXLEN_KEYPARAM 1024 /* Maximum allowed size of key data as used in inquiries (bytes). */ -#define MAXLEN_KEYDATA 4096 +#define MAXLEN_KEYDATA 8192 /* The size of the import/export KEK key (in bytes). */ #define KEYWRAP_KEYSIZE (128/8) diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac --- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200 +++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200 @@ -230,7 +230,7 @@ large_secmem=$enableval, large_secmem=no) AC_MSG_RESULT($large_secmem) if test "$large_secmem" = yes ; then - SECMEM_BUFFER_SIZE=65536 + SECMEM_BUFFER_SIZE=262144 else SECMEM_BUFFER_SIZE=32768 fi