How to find out the GnuPG key length

gnupg

It may be a dumb question, but I haven't been able to find an answer so far…

I've created a key-pair some time ago, and I can see that

ls -l ~/.gnupg
-rw------- 1 xxx xxx 7912 sept. 24 20:08 gpg.conf
-rw------- 1 xxx xxx 1202 oct.  11  2014 pubring.gpg
-rw------- 1 xxx xxx  600 sept. 24 20:40 random_seed
-rw------- 1 xxx xxx 2580 oct.  11  2014 secring.gpg
-rw------- 1 xxx xxx 1280 oct.  11  2014 trustdb.gpg


since secring.gpg is 2580 bits, I guess I have a 2048 bits key.

It's confirmed by the maven-gpg plugin since when I use it, it logs

You need a passphrase to unlock the secret key for
user: xxx
2048-bit RSA key, ID 0F1F7C52, created 2014-10-11


However, what is the canonical method to find my key length? And its associated algorithm?

However, what is the canonical method to find my key length? And its associated algorithm?

You've already got it printed on your screen, although the canonical method would be rather printing the list of secret keys using gpg --list-secret-keys providing similar output (which slightly depends on the GnuPG version used).

 2048-bit RSA key, ID 0F1F7C52, created 2014-10-11


You're using a 2048 bit RSA key.

The algorithm is important, some algorithms require larger keys for comparable security, as they build on different mathematical problems. For example, RSA requires rather large keys compared with DSA (and a 1024 bit DSA key is considered fine, while a 1024 bit RSA key is a little bit small), but suffers less from weak entropy. Elliptic curve cryptography provides "even more security per bit", but is newer and experienced fever analysis than RSA and DSA.

since secring.gpg is 2580 bits, I guess I have a 2048 bits key.

Not actually, it's 2580 bytes, so you're off factor 8. The secring not only contains the secret primary key, but also

• the public key (which is always stored in a secret key packet in OpenPGP)
• secret subkey packets
• binding signatures for the subkeys
• user ID packets with self signatures
• user attributes (currently, there are only images using that packet)

If you're curious, you can list all packets contained in that file using gpg --list-packets ~/.gnupg/secring.gpg.