DSA question

[Werner Koch]

Hi,

I have added some support for DSA, it is now possible to verify
PGP keys.  I coded signature creation too, but this is not yet
tested.

While I figured out, what kind of stuff PGP hashes to make a signature I
noticed, that for DSA signatures, the message digest is used directly as
input to the sign/verify function without mangling it with pad bytes
and ASN; so it is only 160 bits long.

For ElGamal signatures I use a frame of the complete size key size
and pad it similar to what PGP does for RSA signatures.
I guess that the padding with 0xff decreases performance a lot
(due to the g^hash mod p calculation) - any suggestion how to avoid this?
 

-- 
Werner                      (finger gcrypt at ftp.guug.de for info about GnuPG)