Bug 1036466

Summary: Remove crypto throttle
Product: [Fedora] Fedora
Reporter: Peter Backes <rtc>
Component: gnupg2
Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: rawhide
CC: bcl, fedora, jamielinux, mjg, rdieter, slukasik, tmraz
Keywords: FutureFeature, Reopened
Hardware: All
OS: All
Fixed In Version: gnupg2-2.2.0-1.fc26 gnupg2-2.2.0-1.fc27
Doc Type: Bug Fix
Last Closed: 2017-09-08 03:49:55 UTC
Type: Bug

Description Peter Backes 2013-12-02 04:35:25 UTC
Description of problem:
gpg has a hard coded crypto throttle in place, restricting asymmetric keys to 4096 bits.

In contrast, the NIST standard "Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 3, NIST, 07/2012" is recommending key sizes of 15360 bits to be used with 256 bit symmetric ciphers.

65535 has been reported to work and to be a reasonable limit, above which key generation takes too long to make sense.

(Trivial) patch is at https://deekayen.net/large-gpg-keys

Version-Release number of selected component (if applicable):
gnupg2-2.0.22-1.fc19.i686

How reproducible:
always

Steps to Reproduce:
1. gpg2 --gen-key

Actual results:
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 

Expected results:
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 65535 bits long.
What keysize do you want? (2048)
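An added example, not part of the bug report or of GnuPG's own code, that looks at the key-size limit discussed above from an auditing stance: it parses the machine-readable listing printed by `gpg --with-colons --list-keys` and flags keys that fall outside a size policy. The sample listing, the 2048-bit minimum and the 4096-bit generation cap are constructed assumptions for illustration.

```python
# Added example (not from the bug report): audit key sizes in the
# machine-readable output of `gpg --with-colons --list-keys`.
# Policy thresholds below are assumptions chosen for illustration.
from dataclasses import dataclass

# Public-key algorithm ids as printed in field 4 of pub/sub records.
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Constructed sample listing, not captured from a real keyring.
SAMPLE_LISTING = """\
pub:u:4096:1:0123456789ABCDEF:1385960000:::u:::scESC::::::23::0:
uid:u::::1385960000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1385960000::::::e::::::23:
pub:u:1024:17:1111222233334444:1100000000:::u:::scaSCA::::::23::0:
sub:u:8192:1:5555666677778888:1504000000::::::e::::::23:
"""

@dataclass
class KeyRecord:
    record: str   # "pub" or "sub"
    bits: int
    algo: str
    keyid: str
    finding: str  # empty string when the key passes the policy

def parse_keys(listing, min_bits=2048, gen_cap=4096):
    """Parse pub/sub records and annotate each with a key-size policy finding.
    gen_cap is the largest size gpg 2.0.22 would generate interactively (the
    limit the report asks to lift); larger keys still import, so just flag them."""
    out = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub"):
            continue                     # skip uid/sig/tru/fpr records
        bits, algo_id, keyid = int(f[2]), int(f[3]), f[4]
        algo = ALGO_NAMES.get(algo_id, f"algo{algo_id}")
        finding = ""
        if algo in ("RSA", "DSA", "Elgamal"):   # size policy applies to RSA/DL keys only
            if bits < min_bits:
                finding = f"{algo} {bits}-bit key is below the {min_bits}-bit minimum"
            elif bits > gen_cap:
                finding = f"{algo} {bits}-bit key exceeds the {gen_cap}-bit generation cap of gpg 2.0.x"
        out.append(KeyRecord(f[0], bits, algo, keyid, finding))
    return out

def findings(listing, **policy):
    return [k for k in parse_keys(listing, **policy) if k.finding]
```

Passing `gen_cap=8192` models the upstream limit that later comments mention; with it only the 1024-bit DSA key is reported.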

Comment 1 Michael J Gruber 2014-01-14 09:21:48 UTC
While the change is trivial, it is an enhancement that should best be done upstream, wouldn't it?

Also: With the new ECC initiative in Fedora, won't we be able to use ECC keys? Or are they still banned by RH legal?

Comment 2 Tomas Mraz 2014-01-14 09:34:51 UTC
(In reply to Michael J Gruber from comment #1)
> While the change is trivial, it is an enhancement that should best be done
> upstream, wouldn't it?
Yes, I agree.

> Also: With the new ECC initiative in Fedora, won't we be able to use ECC
> keys? Or are they still banned by RH legal?
The support for ECDSA/ECDH is only in the development branch of gnupg upstream.

Comment 3 Peter Backes 2014-01-14 12:38:50 UTC
(In reply to Michael J Gruber from comment #1)
> While the change is trivial, it is an enhancement that should best be done
> upstream, wouldn't it?

According to http://gagravarr.livejournal.com/137173.html upstream is refusing to make that change, with strange justifications: "they think that for most people going to 8192 bits will just make things slower, without delivering much more security, so they feel that anyone who wants a longer key should have to think about it, and explicitly enable it themselves."

Comment 4 Christian Stadelmann 2015-01-25 19:32:15 UTC
I can confirm that upstream is refusing to make this change because of performance issues. I think when it comes to security performance must not matter.

Comment 5 Jaroslav Reznik 2015-03-03 15:15:02 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 6 Fedora End Of Life 2016-07-19 19:27:56 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 7 Christian Stadelmann 2016-07-20 16:04:04 UTC
Bug still present. Please reopen and change version to F24.

Comment 8 Rex Dieter 2016-07-20 16:18:18 UTC
Depends if fedora's maintainer(s) agree with upstream (close->wontfix) or not (patch around it).

Comment 9 Tomas Mraz 2016-07-21 08:35:54 UTC
I do not agree fully with the upstream reasoning as there might be valid reasons to use large keys, on the other hand I am not so sure it is worth the effort to patch it downstream. If someone provided such patch (including documentation changes) I would apply it though.

Comment 10 Christian Stadelmann 2016-07-21 16:35:32 UTC
People have done this before:
https://deekayen.net/large-gpg-keys
https://lists.gnupg.org/pipermail/gnupg-devel/2014-October/028930.html

Comment 11 Fedora Update System 2017-09-05 16:04:22 UTC
gnupg2-2.2.0-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-22bee61e57

Comment 12 Fedora Update System 2017-09-05 16:04:41 UTC
gnupg2-2.2.0-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a43ed4a971

Comment 13 Christian Stadelmann 2017-09-05 18:04:49 UTC
This bug report is marked as modified, but I don't see any indication that this bug is really fixed. Neither the upstream release announcement nor its NEWS or README file indicate any change related to this bug report, and neither does the Fedora spec file on https://src.fedoraproject.org/rpms/gnupg2/commits/master. I think there has been a mistake here.

Comment 14 Tomas Mraz 2017-09-06 07:21:08 UTC
The Fedora spec contains the change and it enables the upstream large RSA key support = 8192 bit keys. We will not deviate from upstream in enabling even larger keys.

Comment 15 Christian Stadelmann 2017-09-06 07:35:51 UTC
(In reply to Tomas Mraz from comment #14)
> The Fedora spec contains the change and it enables the upstream large RSA
> key support = 8192 bit keys. We will not deviate from upstream in enabling
> even larger keys.

Ok, thanks for the hint and sorry for the noise.

Comment 16 Fedora Update System 2017-09-06 22:29:47 UTC
gnupg2-2.2.0-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-22bee61e57

Comment 17 Fedora Update System 2017-09-07 14:31:37 UTC
gnupg2-2.2.0-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a43ed4a971

Comment 18 Fedora Update System 2017-09-08 03:49:55 UTC
gnupg2-2.2.0-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2017-09-30 06:17:47 UTC
gnupg2-2.2.0-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.