
Mailing List Archive: GnuPG: devel

RSA+RSA is now the default

 

 



wk at gnupg

May 17, 2009, 5:00 AM

Post #1 of 12 (1570 views)
Permalink
RSA+RSA is now the default

Hi!

I just committed changes to the GnuPG trunk to make RSA with an RSA
subkey the default. This also changes the order of the presented
algorithms, but 1 is still the default. The interactive --gen-key has
never been intended for use by frontends, thus this change may only
reveal buggy frontends ;-). Frontends should use the --batch key
generation with a parameter file and thus need to change the default
algorithm on their own (I already did this for GPA).

Here is the new prompt in standard mode:

$ gpg2 -v --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
[...]


and here in expert mode, which allows selecting the subkey size:

$ gpg2 -v --gen-key --expert
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want for the subkey? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
[...]

I hope this is okay.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
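
The batch route recommended in the post above, sketched for a frontend as an added example (not part of the original thread and not GnuPG's or GPA's own code): it names the algorithms in a parameter file rather than answering the menu by number, then checks a `--with-colons` listing to confirm what was created. The function names, the name and e-mail placeholders and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the algorithms in a --batch parameter file instead of
# answering the interactive --gen-key menu by number.

# Write a parameter file for an RSA primary key with an RSA subkey.
# $1 = output file, $2 = key length (the prompt accepts 1024..4096 bits).
write_keyparams() {
    out=$1 bits=$2
    case $bits in ''|*[!0-9]*) echo "bad key length: $bits" >&2; return 1 ;; esac
    if [ "$bits" -lt 1024 ] || [ "$bits" -gt 4096 ]; then
        echo "key length out of range: $bits" >&2; return 1
    fi
    # Name and e-mail are placeholders; passphrase handling is not shown.
    cat >"$out" <<EOF
Key-Type: RSA
Key-Length: $bits
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: $bits
Subkey-Usage: encrypt
Name-Real: Example Frontend User
Name-Email: user@example.invalid
Expire-Date: 0
%commit
EOF
}

# Generate the key non-interactively from the parameter file.
generate_key() { gpg2 --batch --gen-key "$1"; }

# Read a --with-colons key listing on stdin and succeed only if it holds
# exactly one pub and one sub record, both RSA (algorithm id 1 in field 4)
# with the requested length (field 3).
check_rsa_rsa() {
    awk -F: -v bits="$1" '
        $1 == "pub" || $1 == "sub" { n++; if ($4 != 1 || $3 != bits) bad = 1 }
        END { exit ((n == 2 && !bad) ? 0 : 1) }'
}

# Constructed sample listings (not real keys): RSA+RSA, then DSA+Elgamal.
SAMPLE_RSA='pub:u:2048:1:0123456789ABCDEF:1242561600:::u:::scESC:
uid:u::::1242561600::0000::Example Frontend User <user@example.invalid>:
sub:u:2048:1:FEDCBA9876543210:1242561600::::::e:'
SAMPLE_DSA='pub:u:1024:17:0123456789ABCDEF:1242561600:::u:::scESC:
sub:u:2048:16:FEDCBA9876543210:1242561600::::::e:'
```

A frontend would run `generate_key` on the written file and then pipe `gpg2 --with-colons --list-keys user@example.invalid` into `check_rsa_rsa 2048`, so that what it shows the user matches what was actually generated.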


nicholas.cole at gmail

May 23, 2009, 12:51 PM

Post #2 of 12 (1504 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Sun, May 17, 2009 at 1:00 PM, Werner Koch <wk [at] gnupg> wrote:
> Hi!
>
> I just committed changes to the GnuPG trunk to make RSA with an RSA
> subkey the default.  This also changes the order of the presented
> algorithms, but 1 is still the default.

Dear Werner,

Will the order of the add sub key menu of algorithms also change?
Consistency across versions is always a good thing. IIRC in the past
when algorithms have changed or been removed the menus have remained
as consistent as possible across versions.

So, for example, there is no particular reason why the default answer
has to be number 1.

Best wishes,

Nicholas



wk at gnupg

May 25, 2009, 1:04 AM

Post #3 of 12 (1492 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Sat, 23 May 2009 21:51, nicholas.cole [at] gmail said:

> Will the order of the add sub key menu of algorithms also change?

Yes, I changed them so that they are imho grouped in a more logical
way.

> So, for example, there is no particular reason why the default answer
> has to be number 1.

I thought about this and came to the conclusion that it is better to use
1 for the default. Despite that scripts should not use the menu to
generate a key, I am pretty sure that there are some applications which
do it nevertheless. Using 1 for the default ensures that the new
default is taken.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.




nicholas.cole at gmail

May 25, 2009, 9:46 AM

Post #4 of 12 (1503 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, May 25, 2009 at 9:04 AM, Werner Koch <wk [at] gnupg> wrote:
> On Sat, 23 May 2009 21:51, nicholas.cole [at] gmail said:
>
>> Will the order of the add sub key menu of algorithms also change?
>
> Yes, I changed them so that they are imho grouped in a more logical
> way.

Could I therefore make a plea that the new order is clearly documented
in the Changelog? :-)

>> So, for example, there is no particular reason why the default answer
>> has to be number 1.
>
> I thought about this and came to the conclusion that it is better to use
> 1 for the default.  Despite that scripts should not use the menu to
> generate a key, I am pretty sure that there are some applications which
> do it nevertheless.  Using 1 for the default ensures that the new
> default is taken.

It's a small point and I don't mean to get side-tracked, but if any
front-ends have used this menu, I rather fear that you have replaced
one evil (not using the right default) with a worse one - presenting
one thing in the front end and doing another behind the scenes!

Best wishes,

Nicholas



nicholas.cole at gmail

May 25, 2009, 9:51 AM

Post #5 of 12 (1501 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, May 25, 2009 at 5:46 PM, Nicholas Cole <nicholas.cole [at] gmail> wrote:
> On Mon, May 25, 2009 at 9:04 AM, Werner Koch <wk [at] gnupg> wrote:
>> On Sat, 23 May 2009 21:51, nicholas.cole [at] gmail said:
>>
>>> Will the order of the add sub key menu of algorithms also change?
>>
>> Yes, I changed them so that they are imho grouped in a more logical
>> way.
>
> Could I therefore make a plea that the new order is clearly documented
> in the Changelog? :-)

PS. I don't suppose that an option like --use-consistent-menus (so
that changes of this type did not upset frontends) would find any
support? ;-)

N



wk at gnupg

May 25, 2009, 11:39 AM

Post #6 of 12 (1501 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, 25 May 2009 18:51, nicholas.cole [at] gmail said:

> PS. I don't suppose that an option like --use-consistent-menus (so
> that changes of this type did not upset frontends) would find any
> support? ;-)

No.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.




wk at gnupg

May 25, 2009, 11:46 AM

Post #7 of 12 (1500 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, 25 May 2009 18:46, nicholas.cole [at] gmail said:

> Could I therefore make a plea that the new order is clearly documented
> in the Changelog? :-)

You mean so that it won't change in the future? I don't think that is a
good idea.

I expect users to actually read the menu. If they don't read it, I
assume that they will select the first item and thus this should be the
default.

> It's a small point and I don't mean to get side-tracked, but if any
> front-ends have used this menu, I rather fear that you have replaced

That is quite possible. Making --fixed-list-mode the default was a more
incompatible change; despite that I know only of one tool which fails
(kgpg). Thus I doubt that there will be many problems with a change in
this menu. Actually the key generation menu has always been dynamic
(check --expert, --enable-dsa) and problems should have popped up
already.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.




cwal989 at comcast

May 25, 2009, 9:16 PM

Post #8 of 12 (1498 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

Werner Koch wrote:
> Hi!
>
> I just committed changes to the GnuPG trunk to make RSA with an RSA
> subkey the default. This also changes the order of the presented
> algorithms, but 1 is still the default. The interactive --gen-key
> has never been intended for use by frontends, thus this change may
> only reveal buggy frontends ;-). Frontends should use the --batch
> key generation with a parameter file and thus need to change the
> default algorithm on their own (I already did this for GPA).
[snip]
> I hope this is okay.
>
>
> Shalom-Salam,
>
> Werner
Hi,

That's no problem for me. I've been making RSA + RSA keypairs for some
time now. Of course, I am the guy who tested out ECC... LOL! No one
could read my messages - now that's secure.

Regards,
Chris





nicholas.cole at gmail

Jun 1, 2009, 7:02 AM

Post #9 of 12 (1471 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, May 25, 2009 at 9:04 AM, Werner Koch <wk [at] gnupg> wrote:
> On Sat, 23 May 2009 21:51, nicholas.cole [at] gmail said:
>
>> Will the order of the add sub key menu of algorithms also change?
>
> Yes, I changed them so that they are imho grouped in a more logical
> way.

Is there any way that the list of algorithms could be available in the
--status-fd output (ie. for when --no-tty has to be used or no
terminal is present?)

Best wishes,

Nicholas



wk at gnupg

Jun 5, 2009, 9:55 AM

Post #10 of 12 (1457 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Mon, 1 Jun 2009 16:02, nicholas.cole [at] gmail said:

> Is there any way that the list of algorithms could be available in the
> --status-fd output (ie. for when --no-tty has to be used or no
> terminal is present?)

The key generation dialog has been written for a human user and all
scripts should use the batch mode.

What I plan is to have a new interface which lists the default
algorithms and related information. This allows frontends to use the
batch mode key generation while taking the actual algorithms from GnuPG.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.




nicholas.cole at gmail

Jun 5, 2009, 3:02 PM

Post #11 of 12 (1455 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Fri, Jun 5, 2009 at 5:55 PM, Werner Koch<wk [at] gnupg> wrote:
> On Mon,  1 Jun 2009 16:02, nicholas.cole [at] gmail said:
>
>> Is there any way that the list of algorithms could be available in the
>> --status-fd output (ie. for when --no-tty has to be used or no
>> terminal is present?)
>
> The key generation dialog has been written for a human user and all
> scripts should use the batch mode.
>
> What I plan is to have a new interface which lists the default
> algorithms and related information.  This allows frontends to use the
> batch mode key generation while taking the actual algorithms from GnuPG.

Fantastic! Though I was actually talking about the addsubkey menu,
not the create key menu. I don't quite understand why that menu has
to be sent to the terminal only (rather than stdout) - since it would
be easy to parse.

N



wk at gnupg

Jun 28, 2009, 4:06 AM

Post #12 of 12 (1359 views)
Permalink
Re: RSA+RSA is now the default [In reply to]

On Sat, 6 Jun 2009 00:02, nicholas.cole [at] gmail said:

> Fantastic! Though I was actually talking about the addsubkey menu,
> not the create key menu. I don't quite understand why that menu has
> to be sent to the terminal only (rather than stdout) - since it would

That is because it uses the same code as --gen-key. I plan to add
subkey maintenance to GPA and in the course of doing that I probably will
run into the same problems you get. Needs to be fixed then.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


