Got a couple suggestions for improvement of Kleopatra interface

Allow creation of keys/certs with name only and no email address. Sometimes you may not want to give out your real email address, and being required to put in some email (so you end up having to put in a fake one) is just an unnecessary step in creating your key/cert in that case.

In addition to the 4 sizes of key that are allowed now (1536, 2048, 3072, 4096), also allow the less secure 1024 size. This could theoretically be hacked, but for less secure requirements, 1024 bits should be enough (particularly if you are using it to encrypt information you are sending that is only valid for a short time after it’s been sent, so if it was compromised, it likely would do the hacker no good). 1024-bit keys are the fastest to generate, so if you plan to change your key frequently, this would be the one you want to use.

Also you know that SHA256 that you are using for hashing (for use in signatures and certificates)? Even more secure is the SHA512. That’s the most secure (to the point of being overkill in most cases) hash possible. I would like to see GPG (and associated programs like GPG4Win, Kleopatra, GPA, etc) start to use this much more secure hash. If quantum computers are ever designed that can brute-force crack SHA256, they still might have trouble cracking SHA512.

Hi Animedude,

thanks for your suggestions for Kleopatra!

For key length and hash algorithm discussion and suggestions
it is best to go to the gnupg mailing lists as Kleopatra only exposes
GnuPG functions in this regard.

Regards,
Bernhard

1024bit is supported by GPG. It’s just that Kleopatra doesn’t expose this value.