RSA-2048 No Longer VS-NfD Compliant in 2024: Here's What You Need to Know

Posted on January 3, 2024 by Alexander Kulbartsch

The German Federal Office for Information Security (BSI) had already recommended switching to at least RSA-3000 keys for VS-NfD-compliant encryption back in 2023. RSA-2048 keys were temporarily allowed until the end of 2023, but that grace period is now over.

Full Details from the BSI

What Does This Mean for You?

As of January 1, 2024, RSA-2048 keys are no longer VS-NfD compliant. This is outlined in the operational requirements set by the BSI for GnuPG VS-Desktop®.

The good news? RSA-3072 remains fully approved with no restrictions.

Even better: If you're using GnuPG VS-Desktop®, there's nothing to worry about. The software has always generated RSA-3072 keys by default, so chances are, you're already in the clear.

Warning: Older Smartcards May No Longer Work!

If you're using a smartcard, check which key lengths it supports. Older smartcards that only allow RSA-2048 are now no longer approved for VS-NfD encryption. If that applies to you, it's time for an upgrade.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2025-01-30.