As a user I would like to choose the OpenPGP key size and algorithm

As the title says, new users are greeted with greyed-out boxes during registration on the advanced options for key type and key length. Ultimately, I’d like to allow user choices for the dropdowns, but would settle for allowing 4096 to appease the really paranoid types.

CentOS 7, Nginx 1.16.1, MariaDB 5.5.64, PHP 7.3 - not Docker.

Are key length and type set during server install? Can I change them?
If it’s referred to here: https://help.passbolt.com/configure/environment/reference.html as passbolt_key_length or passbolt_subkey_length, I’m unsure where to actually set that.
I was unable to find any reference to key_type.

Thanks,

Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

0 voters

Hello,

It is not possible at the moment to allow changing this option. The default choice is optimized to balance security and performance.

For the really paranoid types, it is possible to create an OpenPGP key with other software and import it. Please note that algorithms other than RSA (ECC, etc.) are not supported by the API (there is the possibility to implement your own GPG backend, but well, it’s not trivial).

The PASSBOLT_KEY_LENGTH variable and others refer to the length of the server key (not the end user one).

Cheers,

1 Like
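An added example, not part of the thread and not Passbolt code: a pre-import check that reads the primary key packet of an externally generated OpenPGP key (RFC 4880 layout) and reports whether it is RSA and how long the modulus is. The function names and the sample packets are constructed for illustration, and the input is assumed to be the binary form of the key (for example the output of `gpg --dearmor`), not the ASCII-armored text.

```python
RSA_ALGOS = {1, 2, 3}   # RFC 4880 public-key algorithm IDs that mean RSA
KEY_TAGS = {5, 6}       # primary secret-key / public-key packet tags

def read_first_packet(data):
    """Return (tag, body) of the first packet in binary (dearmored) OpenPGP data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not OpenPGP packet data (still ASCII-armored?)")
    if hdr & 0x40:                                  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not handled")
    else:                                           # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        size = 1 << ltype                           # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[off:off + length]

def primary_key_info(data):
    """Return (algorithm_id, rsa_modulus_bits or None) for a v4 primary key."""
    tag, body = read_first_packet(data)
    if tag not in KEY_TAGS or len(body) < 8 or body[0] != 4:
        raise ValueError("expected a version 4 key packet first")
    algo = body[5]                                  # after version + 4-byte creation time
    bits = int.from_bytes(body[6:8], "big") if algo in RSA_ALGOS else None
    return algo, bits

def is_rsa_of_at_least(data, min_bits):
    algo, bits = primary_key_info(data)
    return algo in RSA_ALGOS and bits >= min_bits

def sample_key_packet(algo, bits):
    """Constructed input: header fields follow the real layout, key material is dummy."""
    def mpi(v):
        return v.bit_length().to_bytes(2, "big") + v.to_bytes((v.bit_length() + 7) // 8, "big")
    body = bytes([4]) + bytes(4) + bytes([algo]) + mpi((1 << (bits - 1)) | 1) + mpi(65537)
    return bytes([0x99]) + len(body).to_bytes(2, "big") + body   # old-format tag 6

if __name__ == "__main__":
    for algo, bits in [(1, 2048), (1, 4096), (22, 256)]:
        print(algo, bits, is_rsa_of_at_least(sample_key_packet(algo, bits), 4096))
```

The check only inspects the primary key; subkeys in the same export are separate packets and would need the same inspection.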

Thank you for the fast reply, saved me a few more hours digging. Are those improvements on the roadmap?

Also, is it a safe assumption that I could import 4096 bit RSA keys instead of using the system generated 2048 without issues?

Thanks,

Are those improvements on the roadmap?

It is now :). Prioritization will depend on the popularity of the request (I added a poll on top for people to show support).

There is also this related request which I’d love to tackle at some point:

I’d like also to provide more options to support different OpenPGP backends
https://github.com/passbolt/passbolt_api/pull/260 (some work has been done there already)

Again, thanks for the fast reply and the poll. Looking forward to the upgrade if/when it becomes a thing.

1 Like