Generate Large Keys with GnuPG

If you’d like to generate keys larger than 4096 bits with GnuPG, you can compile a patched version that raises the 4096-bit upper limit. You’ll probably find yourself generating the key as RSA. Download the patch into your untarred gnupg-1.4.19 directory and apply it with:

~/gnupg-1.4.19$ patch -p0 < gnupg_1.4.19_large_keygen.patch
patching file g10/keygen.c
~/gnupg-1.4.19$ ./configure --enable-large-secmem
[...]
checking whether to allocate extra secure memory... yes
[...]
~/gnupg-1.4.19$ make -j2
~/gnupg-1.4.19$ make check
~/gnupg-1.4.19$ sudo make install
~/gnupg-1.4.19$ gpg --gen-key --enable-large-rsa

Without the --enable-large-rsa flag, the key generation process will automatically downgrade the key to 4096 bits.
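Because the downgrade is automatic, it is worth confirming the size of the key that was actually created. The script below is an added example, not part of the original post or the patch: it reads the output of gpg --with-colons --list-keys and flags RSA keys below a requested size. The function names check_key_bits and sample_listing are made up for this example, and the sample listing (key IDs, names, dates) is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Real use: gpg --with-colons --list-keys | check_key_bits 8192

# check_key_bits MIN_BITS
# Reads a colon-format key listing on stdin and prints
#   <record> <keyid> <bits> OK|SHORT
# for every RSA primary key and subkey. Returns 1 if any is below MIN_BITS.
check_key_bits() {
    awk -F: -v min="$1" '
        # Colon listing: field 1 = record type, 3 = key length in bits,
        # 4 = public-key algorithm (1, 2, 3 are the RSA variants), 5 = key ID.
        ($1 == "pub" || $1 == "sub") && $4 >= 1 && $4 <= 3 {
            status = ($3 + 0 >= min + 0) ? "OK" : "SHORT"
            if (status == "SHORT") bad = 1
            printf "%s %s %d %s\n", $1, $5, $3, status
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing: one key generated at 8192 bits and one that
# was downgraded to 4096 bits. Key IDs and user IDs are placeholders.
sample_listing() {
    cat <<'EOF'
tru::1:1430000000:0:3:1:5
pub:u:8192:1:AAAAAAAAAAAAAAAA:2015-04-20:::u:Constructed Large Key <large@example.invalid>::scESC:
sub:u:8192:1:BBBBBBBBBBBBBBBB:2015-04-20::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:2015-04-20:::u:Constructed Downgraded Key <small@example.invalid>::scESC:
sub:u:4096:1:DDDDDDDDDDDDDDDD:2015-04-20::::::e:
EOF
}

# Demonstration on the constructed listing, asking for at least 8192 bits.
sample_listing | check_key_bits 8192 \
    || echo "at least one RSA key is smaller than requested"
```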

To compile on a Mac, you’ll need to download Xcode from the App Store first.

The patch increases the upper limit of the key size to 15489 bits. Without increasing the secure memory limit, generating a key larger than about 7680 bits will fail because the process won’t be able to allocate enough memory. Keys larger than around 7680 bits (192-bit symmetric equivalent) can also be impossible to decrypt with when the gpg binary was built with the standard secure memory limit, which is set at compile time: the binary won’t be able to allocate enough secure memory to decrypt messages, even small ones.