About key size

Post by santiago@caoba.fr » Wed Mar 25, 2020 7:30 am


I was wondering two things about key size that I didn't find documented.

1) I always hear 1024 is insecure, 2048, 3072, 4096 are ok. But why is it always multiples of 1024? Out of curiosity, I successfully created keys of random sizes like 3012 or 3594. What is the rule?

2) I also hear that the longer the key, the harder for the CPU. What happens if key size varies throughout the clients? Can two keys of different sizes talk to each other? If on the server I create a 2048 bit CA key and, depending on the CPU of the client, I create a 2048 or 3072 or 4096 bit client key, will it work? From what I read, the CA key length can be shorter so that a weak client can use a 2048 bit CA key and a 2048 bit client key and a powerful client will use a 2048 bit CA key and a 4096 bit client key.


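An added example (not part of the original post) that runs the scenario from question 2 with the openssl command line: a 2048-bit RSA CA signs client keys of 3012 and 4096 bits, and each chain is then verified. The names demo-ca and client-<bits> are made up for the example, and it covers X.509 signing and verification only, not an OpenVPN session.

```shell
#!/bin/sh
# Constructed demo: a 2048-bit RSA CA signing client keys of other sizes.
# All names (demo-ca, client-<bits>, file names) are made up for this example.

# make_ca DIR: create a self-signed 2048-bit RSA CA in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo-ca" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client DIR BITS: create a BITS-bit RSA client key, then sign its CSR with the CA.
issue_client() {
    openssl req -newkey "rsa:$2" -nodes -sha256 -subj "/CN=client-$2" \
        -keyout "$1/c$2.key" -out "$1/c$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/c$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 1 -out "$1/c$2.crt" 2>/dev/null
}

# key_bits CERT: print the size in bits of the public key inside CERT.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# chain_ok DIR BITS: succeed if the BITS-bit client certificate verifies against the CA.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/c$2.crt" >/dev/null 2>&1
}

# Issue one odd-sized and one 4096-bit client certificate and report the result.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" || return 1
    for bits in 3012 4096; do
        issue_client "$d" "$bits" || return 1
        chain_ok "$d" "$bits" &&
            echo "CA $(key_bits "$d/ca.crt") bit, client $(key_bits "$d/c$bits.crt") bit: chain verifies"
    done
    rm -rf "$d"
}
demo
```

The signature on each client certificate is made with the CA key, so its strength is that of the 2048-bit CA key whatever the size of the client key.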