It may be a dumb question, but I haven't been able to find an answer so far…
I've created a key-pair some time ago, and I can see that
ls -l ~/.gnupg
-rw------- 1 xxx xxx 7912 sept. 24 20:08 gpg.conf
-rw------- 1 xxx xxx 1202 oct. 11 2014 pubring.gpg
-rw------- 1 xxx xxx 600 sept. 24 20:40 random_seed
-rw------- 1 xxx xxx 2580 oct. 11 2014 secring.gpg
-rw------- 1 xxx xxx 1280 oct. 11 2014 trustdb.gpg
Since secring.gpg is 2580 bits, I guess I have a 2048-bit key.
It's confirmed by the maven-gpg plugin since when I use it, it logs
You need a passphrase to unlock the secret key for
user: xxx
2048-bit RSA key, ID 0F1F7C52, created 2014-10-11
However, what is the canonical method to find my key length? And its associated algorithm?
Best Answer
You've already got it printed on your screen, although the canonical method would be rather printing the list of secret keys using
gpg --list-secret-keys
providing similar output (which slightly depends on the GnuPG version used). You're using a 2048 bit RSA key.
The algorithm is important, some algorithms require larger keys for comparable security, as they build on different mathematical problems. For example, RSA requires rather large keys compared with DSA (and a 1024 bit DSA key is considered fine, while a 1024 bit RSA key is a little bit small), but suffers less from weak entropy. Elliptic curve cryptography provides "even more security per bit", but is newer and experienced less analysis than RSA and DSA.
Not actually, it's 2580 bytes, so you're off by a factor of 8. The secring not only contains the secret primary key, but also
If you're curious, you can list all packets contained in that file using
gpg --list-packets ~/.gnupg/secring.gpg
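As an added example (not part of the original answer): a shell function that reads GnuPG's machine-readable listing, where field 3 of each sec/ssb record is the key length in bits and field 4 is the public-key algorithm ID, and prints both per key. The sample listing and its key IDs are constructed; on a real keyring, pipe gpg --list-secret-keys --with-colons into key_summary instead.

```shell
#!/bin/sh
# Added example: report algorithm and key length from GnuPG's colon listing
# rather than guessing from the size of secring.gpg.
# Colon format fields used here: 1 = record type, 3 = key length in bits,
# 4 = public-key algorithm ID (OpenPGP numbering), 5 = key ID.

key_summary() {
    # Reads "gpg --list-secret-keys --with-colons" output on stdin and
    # prints: <primary|subkey> <key ID> <algorithm> <bits>
    awk -F: '
        BEGIN {
            alg[1]  = "RSA";  alg[16] = "Elgamal"; alg[17] = "DSA"
            alg[18] = "ECDH"; alg[19] = "ECDSA";   alg[22] = "EdDSA"
        }
        $1 == "sec" || $1 == "ssb" {
            name = ($4 in alg) ? alg[$4] : ("algo-" $4)
            kind = ($1 == "sec") ? "primary" : "subkey"
            printf "%s %s %s %s\n", kind, $5, name, $3
        }'
}

# Constructed sample listing (placeholder key IDs and fingerprints, not real keys).
sample_listing() {
cat <<'EOF'
sec:u:2048:1:0000000000000001:1413000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1413000000::0000000000000000000000000000000000000000::xxx::::::::::0:
ssb:u:2048:1:0000000000000002:1413000000::::::e:::+:::23:
sec:u:1024:17:0000000000000003:1200000000:::u:::scSC:::+:::::0:
EOF
}

# "--keyring" queries the local secret keyring; otherwise the sample is used.
if [ "${1:-}" = "--keyring" ]; then
    gpg --list-secret-keys --with-colons | key_summary
else
    sample_listing | key_summary
fi
```
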