
gnupg2 modified to generate 16384 bits RSA key


Anne Onime

May 18, 2011, 6:29:17 PM
I wanted to generate an RSA GnuPG key with a length of 16384 bits.
Previously it was sufficient to increase the maximum key length:

--- gnupg2-2.0.17.orig/g10/keygen.c
+++ gnupg2-2.0.17/g10/keygen.c
@@ -1774,7 +1774,7 @@ ask_algo (int addmode, int *r_subkey_alg
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=16384;
int for_subkey = !!primary_keysize;
int autocomp = 0;
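Review bot: raising `max` in ask_keysize only widens what the interactive prompt accepts; nothing in this hunk touches the generator's own bound or the secure-memory pool, so the prompt will take 16384 while later stages still reject the size or run out of memory, which is the failure the post goes on to describe. The 4096 ceiling is a literal that also lives elsewhere in the tree (the 2.0.26 hunk later in this thread shows gen_rsa carrying its own `nbits > 4096` clamp); a single named maximum shared by the prompt and gen_rsa would keep the two from drifting apart.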

Now it appears that the above modification is not sufficient.
Generation of the key ends with an out-of-memory error.
To successfully generate a 16k-bit RSA key one needs to increase the
amount of allocated "secure memory":

--- gnupg2-2.0.17.orig/g10/gpg.c
+++ gnupg2-2.0.17/g10/gpg.c
@@ -2050,7 +2050,7 @@ main (int argc, char **argv)
#endif

/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 65536, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
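Review bot: the new pool size is a bare literal with no comment tying it to the 16384-bit maximum it is meant to support, so the next person raising the key size has to rediscover the value by trial (the 2014 follow-up in this thread lands on 131072 for the same goal). Derive the size from the maximum key size, or at least record the assumption next to `/* Initialize the secure memory. */`. Since secure memory is locked memory, a larger pool is also more likely to fail on hosts with a small locked-memory limit; a failure here leaves `got_secmem` at 0 and execution continues, so confirm that the fallback path still makes the degradation visible to the user.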

After the above modifications I was able to successfully generate a 16384-bit RSA
key.

1PW

May 19, 2011, 3:31:19 PM

As this has all the outward appearances of a friendly enhancement, I
hope you have considered requesting this be included in future
official updates by "The GnuPG Team".

Lucian Solaris

May 20, 2011, 11:27:55 AM

I made this modification a long time ago in my copy. You may also
need to quadruple, or more, the MPI reserved memory and the secure
memory allocation. I've got mine set to max out at 65536; however,
32768 is the largest I've attempted and the largest I've generated (one
week on a P4 3 GHz HT). My copy also has the ECC patches applied, so at
least my copy is ECC capable (though I don't vouch for its security, as
I have too limited a knowledge of cryptography to test it).

Also, I'd go through the keygen.c file, seek out the q-bits
variable and make it selectable. My DSA2 keys all sign 512-bit SHA-512
hashes without truncation, unlike the unmodified versions, which
truncate off anything beyond 256 bits. I also highly recommend you
set dsa2 as the default behavior without the command-line argument or
config file setting, as DSA2 kicks DSA's butt with larger key sizes.
I've reliably generated 16384-bit DSA2 keys.

One more note: any key above 16384 bits WILL NOT IMPORT, VERIFY WITH,
OR ENCRYPT TO any unmodified version of GnuPG 1.4. Keys at 16384
bits should work fine for encryption and verification on unmodified
GnuPG installations; however, private keys used for decryption/signatures
may still fail due to an inappropriately small MPI object
size and not enough secure memory allocated.

Happy Hacking, and Encrypting!
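The truncation Lucian describes is the DSA rule that the value actually signed is the leftmost min(N, outlen) bits of the message hash, where N is the bit length of q (FIPS 186-3/186-4, section 4.6); GnuPG's q-bits is that N. The Python below is an added example, not code from this thread or from GnuPG; the two 64-byte digests are constructed (not real SHA-512 outputs) to share their first 256 bits, which shows why a 256-bit q caps the effective strength of a SHA-512 DSA signature.

```python
import hashlib


def dsa_hash_input(digest: bytes, q_bits: int) -> int:
    """Return z, the integer that DSA signing and verification operate on.

    FIPS 186-4 section 4.6: z is the leftmost min(N, outlen) bits of Hash(M),
    where N is the bit length of q and outlen the hash output length in bits.
    With q-bits capped at 256, a SHA-512 digest is cut to 256 bits.
    """
    outlen = len(digest) * 8
    keep = min(q_bits, outlen)
    z = int.from_bytes(digest, "big")
    # Keep the leftmost `keep` bits by dropping the rightmost ones.
    return z >> (outlen - keep)


def effective_hash_bits(hash_name: str, q_bits: int) -> int:
    """Number of digest bits that actually enter the signature equation."""
    outlen = hashlib.new(hash_name).digest_size * 8
    return min(q_bits, outlen)


# Constructed 64-byte digests (not real hash outputs): identical first
# 32 bytes, different last 32 bytes.
DIGEST_A = bytes(range(32)) + b"\x00" * 32
DIGEST_B = bytes(range(32)) + b"\xff" * 32


def truncation_collision(q_bits: int) -> bool:
    """True when both digests map to the same z for this q size, i.e. the
    signature no longer distinguishes the two hashes."""
    return dsa_hash_input(DIGEST_A, q_bits) == dsa_hash_input(DIGEST_B, q_bits)


if __name__ == "__main__":
    for q in (160, 256, 512):
        print(f"q-bits={q:3d}: SHA-512 bits used={effective_hash_bits('sha512', q):3d}, "
              f"constructed digests collide={truncation_collision(q)}")
```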

wza...@gmail.com

Nov 1, 2014, 11:38:55 AM
To modify the newest version of gnupg2 it is necessary to change the sources in three places:

--- gnupg2-2.0.26.orig/g10/gpg.c
+++ gnupg2-2.0.26/g10/gpg.c
@@ -2068,7 +2068,7 @@ main (int argc, char **argv)
#endif

/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 131072, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
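Review bot: same point as for the 2.0.17 change: 131072 is a tuned literal, and neither the hunk nor the comment says why it is enough for 16384-bit RSA (the 2011 patch used 65536 for the same goal, and a reply in this thread advises "quadruple or more"). State the sizing assumption beside the comment or derive the pool size from the key-size ceiling set in keygen.c, and keep in mind that the larger locked pool is more likely to fail on hosts with a small locked-memory limit, in which case `got_secmem` stays 0 and the program continues.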
--- gnupg2-2.0.26.orig/g10/keygen.c
+++ gnupg2-2.0.26/g10/keygen.c
@@ -1442,9 +1442,9 @@ gen_rsa (int algo, unsigned nbits, KBNOD
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096)
+ else if (nbits > 16384)
{
- nbits = 4096;
+ nbits = 16384;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}

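Review bot: the 16384 literal appears twice in this hunk (the comparison and the clamp) and a third time in the ask_keysize change earlier in the thread; define one named maximum and use it in all three places so the prompt, the generator's clamp and the secure-memory sizing cannot disagree. Note also that the clamp is silent beyond the `log_info` line, so a caller asking for more than 16384 bits gets a smaller key with only an informational message; the lower clamp to 2048 is correctly left untouched.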
@@ -1781,7 +1781,7 @@ ask_algo (int addmode, int *r_subkey_alg