It seems to be limited to 3072bit. Is there a hacked version of gpa.exe that permits the creation of 4096bit keys? If so, please point me to a link for it. Yes, Kleopatra is also a GUI and it does do 4096bit keys. But as I said before, it leaves way too many EXE files running. gpa.exe only leaves gpg-agent running, which is easy to close via my own process killer program (and my process killer program could even be programmed to launch gpa.exe in its next version). However, as long as gpa.exe is unable to send the command to generate 4096bit keys, it is as good as useless to me. I don’t take security lightly, so only the largest key supported by current technology satisfies me, and currently the largest generatable key using the RSA algorithm is 4096bits (maybe in the future there will be powerful enough computers to generate 8192bit RSA keys in a reasonable amount of time, but such computers aren’t available to the general public yet). So for now I’m going with 4096bits. Anything less than 4096bits though is completely insecure as far as I’m concerned.
Hi AD,
consider http://wiki.gnupg.org/LargeKeys about the bit length debate.
Best regards,
Bernhard
That should be up to ME, the end user, NOT THE SOFTWARE. I have a philosophical belief, that software should provide the end-user with all the available options for the given specification (in this case, OpenPGP). GPG4Win’s commandline programs already make those available, but I prefer a GUI over commandline usage. Therefore, I believe that the GUI known as GPA, should ALSO make available all the features of the OpenPGP specification. That way I don’t have to decide between the convenience of a GUI frontend, and the functionality of the commandline program. If somebody can make an advanced version of GPA, which provides ALL the capabilities of the OpenPGP specs, combined with the ease-of-use of a GUI front end, THEN I will consider it to be GOOD software. Until then, it’s merely “ok” software. And no, Kleopatra isn’t the right solution. It also leaves out an important part of the OpenPGP specs. OpenPGP allows for a blank email address field. Kleopatra FORCES YOU to fill in the email field, again depriving ME, the end user, of the ability to CHOOSE how I will use it. As I said before, I HATE software that makes choices for me.
As a matter of security, I NEVER give out my email address. If somebody wants to contact me, they’ll have to wait for me to contact them first, via email, so that they will have access to my email address.
Hi AD,
thanks for trying our software and giving feedback!
I tend to have a different opinion on the aspect of how many possible options
an interface should expose. This is okay of course, the Gpg4win initiative itself will
only be able to implement some variants! For others it is Free Software coming
with the permission to be taken in other directions.
Best Regards,
Bernhard
How often are you really generating keys? It’s simple enough to use the command line to make nonstandard keys in the size you want. I used it when I wanted an 8192 bit key. The keys generated can still be manipulated with Kleopatra and GPA.
A GUI simplifies the operation for those who can’t, or won’t take the time to work with the cli. I rarely see a GUI that has ALL the functionality of the program’s command line. To incorporate ALL of the functionality of the command line in most cases would result in an overly complex GUI, which kind of defeats the purpose.
Kleopatra and GPA function a bit differently as you noted. Use the one that meets your requirements, but if they don’t then there’s always the command line.
There should be the ability to generate the keys in the 3 most common strengths. These are 1024, 2048, and 4096bits. Gpa.exe lacks 4096bits. Kleopatra lacks 1024bits. Kleopatra has an odd setting for 15xx bits (a non-standard keysize). Gpa has an odd setting for 3072bits (another non-standard keysize).
As a result, neither of these are really what I need. Likewise, the commandline programs are too complex for what I need.
To sum it up, none of the options currently available to me for using GPG4Win, meet my requirements. And I’ve checked all 3 variants of the GPG4Win package (vanilla, lite, and full). If anybody is willing to take some requests from me, on how I would like my GUI front end for GPG4Win, please reply to this message, and let me know that you would be willing to make a GUI for me. At which point I will proceed to write down exactly what features I would like to see available in the GUI.
Well, GPG4Win is open source so if you do get someone to adapt your requirements I hope you’ll share it back to the project.
This process on command line isn’t too difficult.
In the command prompt:
C:>gpg --batch --gen-key [Enter]
Key-Type: RSA
Key-Length: 8192
Key-Usage: Sign, Encrypt
Subkey-Type: RSA
Subkey-Length: 8192
Subkey-Usage: Encrypt
Name-Real: Your Name Here
Name-Email: example@address.com
Name-Comment: Comment here.
Passphrase: R3allyG00dP4ssphr4s3//////////
^Z ([Ctrl]+[z], [Enter])
After a minute or so, you should get confirmation that the key was generated successfully.
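Added example, not part of the original post or of Gpg4win: a small Python check that reads GnuPG's colon-format key listing and reports any RSA key or subkey that came out shorter than the length requested in the parameter file. The sample listing, the key IDs in it and the function names are constructed for illustration; the default binary name `gpg2` is an assumption.

```python
import subprocess

# Constructed sample of `--list-keys --with-colons` output (not a real keyring).
SAMPLE_LISTING = """\
tru::1:1400000000:0:3:1:5
pub:u:8192:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::0000000000000000000000000000000000000000::Your Name Here:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
"""

RSA_ALGOS = {"1", "2", "3"}  # OpenPGP public-key algorithm IDs used for RSA


def key_sizes(colon_listing):
    """Return (record, key_id, algo, bits) for every pub/sub record.

    Colon format: field 1 = record type, 3 = key length in bits,
    4 = public-key algorithm, 5 = key ID.
    """
    found = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 5:
            found.append((f[0], f[4], f[3], int(f[2])))
    return found


def undersized(colon_listing, wanted_bits):
    """Key IDs of RSA keys or subkeys shorter than the requested length."""
    return [key_id for _, key_id, algo, bits in key_sizes(colon_listing)
            if algo in RSA_ALGOS and bits < wanted_bits]


def list_keys(gpg="gpg2"):
    """Fetch the local public keyring in colon format (needs GnuPG installed)."""
    result = subprocess.run([gpg, "--batch", "--list-keys", "--with-colons"],
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_LISTING for list_keys() to check a real keyring.
    for record, key_id, algo, bits in key_sizes(SAMPLE_LISTING):
        print(record, key_id, "algo", algo, bits, "bits")
    print("shorter than 8192:", undersized(SAMPLE_LISTING, 8192))
```
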
I agree completely with you. Very good and diplomatic answer!
Pretty sure that the exe file is called “gpg2” not “gpg”. The gpg.exe file is from an old version of GPG4Win. Does gpg2 even allow the same syntax in its commands as gpg?
Last time I checked (but have not downloaded a new version in a while) both gpg.exe and gpg2.exe were there, just in different folders. The old gpg.exe is one folder up from the gpg2.exe. I don’t know if the old gpg is going to give you anything that the gpg2 does not have.
FYI: gpg2 can do everything that gpg (1) can do and more.
It does some things differently.
http://wiki.gnupg.org/PlatformNotes writes:
“Always use a current version of GnuPG Version >= 2. (There are only a few rare exceptions to this rule.) GnuPG 2.1.x is “modern”, not all applications may already support the new features fully. So when in doubt, use GnuPG 2.0.x.”