Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42774 - [gnupg] --enable-large-rsa broken due to missing build option
Attached to Project:
Arch Linux
Opened by Vincent Brillault (Feandil) - Thursday, 13 November 2014, 13:41 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 14 November 2014, 16:25 GMT
Details

Description:
When using --enable-large-rsa on gnupg-2.1.0, the following error message is shown:
''gpg: WARNING: gpg not built with large secure memory buffer. Ignoring --enable-large-rsa''
I've recompiled the package with --enable-large-secmem and the warning message is gone.

Additional info:
* package version(s): 2.1.0-3 (testing)

Steps to reproduce:
- gpg --enable-large-rsa --full-gen-key
Closed by Gaetan Bisson (vesath)
Friday, 14 November 2014, 16:25 GMT
Reason for closing: Won't fix
Additional comments about closing: We rest on upstream defaults whenever possible.
gnupg-enable-large-secmem.pat...
(A larger pool of 'secure memory' is required because the key material is larger than before)
It is strange that upstream now supports a --enable-large-rsa option but does not compile by default with its support.
The real question is, as you said, 'do we want to support "large RSA keys"?' and I do not think I have the qualification (from a cryptography point of view) to discuss the reasons behind the arbitrary limits of 4/8k. ('large' RSA keys, as in gnupg-2.1.0, are 8k RSA keys while the current maximum is 4k)
I personally believe that it would be better to enable it as there are so many patches out there that "allow you to generate 8k RSA keys", but can forget to double the size of the secure memory, like this one: http://mywayonlinux.blogspot.fr/2014/01/generate-8192-bytes-key-arch-linux.html
(And I am using an 8k RSA key (with 4k subkeys, which are the ones really used))
If 8k RSA key generation is the only reason to enable large-secmem then I am unwilling to do it.
For the record, the change was introduced via http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
(which may be related to this recent restriction: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=03f0b51fe454f8dbe77c302897f7a5899c4c5380)