Saturday 29 November 2014

Generating PGP keys stronger than 4096 bit RSA

I will be transitioning from the pgp key I have been using for four years to a new one. The decision to move to a new one was taken four years ago, and recent news on privacy, applied cryptography and leaked information about practices of various authorities seem to resonate with my plans.

Four years ago I moved to a 4096-bit pgp key, and now, as I am about to generate a new one, the question about the preferred cryptographic algorithms and key sizes arises. Currently, GnuPG seems to support a maximum RSA key size of 4096. This post covers my process of generating a 8192-bit RSA key, and of course using SHA512, a hash function much stronger than SHA-1.

The limitation of GnuPG as shipped with Ubuntu 14.04

Many have written about the limitation of GnuPG to only support generating RSA keys up to 4096. This limitation is not imposed by the algorithm itself, but merely a decision of developers which may or may not be related to export regulations and similar legislation around the use of cryptographic technologies in the United States.

I will not go into any discussion on such legislative restrictions, and I will focus on technology stating that I am not a citizen of the US and any US law do not apply to me at my current location.

As GnuPG is open source free software, anyone can download the source, and alter the constant defining maximum key size to lift the current limitation. As there is no technical limitation why one could not generate 8196-bit, one can just change keygen.c and increase the key size limit, then compile and use the modified version. It is important to note here, than an unmodified GnuPG will works perfectly with a 8192-bit key, the only restriction is it will not offer one to create such keys out-of-the-box.

Avoiding recompilation without hacking binaries

There is a little known feature of GnuPG that allows one to generate 8192-bit keys without any modification. It supports unattended key generation that reads the configuration form an input file, and this esoteric feature is not subject to the limitation mentioned above.


$ cat params.txt
Key-Type: RSA
Key-Length: 8192
Subkey-Type: RSA
Subkey-Length: 8192
Name-Real: Tibor B****
Name-Email: tibor.b*****@gmail.com
Creation-Date: 20150101T000000
Expire-Date: 20191231T000000
Passphrase: !!!change it!!!
Preferences: S10 S9 S13 H10 Z3 Z2 Z1
%commit
%echo done
$ gpg --batch --gen-key params.txt

GnuPG 1.4.16, the version which ships with Ubuntu, gives the following error.

gpg: fatal: out of secure memory while allocating 4228 bytes

Enter GnuPG 2

Fortunately, GnuPG 2, which is the new modular version of GNU Privary Guard, is also packaged, one just has to install gnupg2, currently, version 2.0.22 ships with Ubuntu 14.04. GnuPG 2 does not have memory allocation issues and is able to generate the 8192-bit key.

Entropy

In order to increase the speed of key generation, I have installed the package rng-tools. This smart software allows one to use the hardware based true random number generator available on most modern PC chipsets and feed the kernel entropy pool. I have found this small utility to make an extremely big difference in accelerating key generation by drastically increasing the bandwidth of the random device, without trade-offs in security. I fail to see why this package is not part of the base installation of Ubuntu.

Transitioning to the new key

The process of transitioning to the new key has been described by others in sufficient detail, please see here for a good HOWTO.

Make sure to also update your gpg config, and read up on the current status of the cipher and digest algorithms supported by GnuPG. Pick your preferred ones wisely.