DSA2 keys

David Shaw dshaw at jabberwocky.com
Thu May 25 21:50:38 CEST 2006

Hi folks,

I just committed a change to allow generating new-style DSA keys.  For
those who haven't been following the discussion elsewhere, these are
DSA keys that finally break the 1024-bit key size and the 160-bit hash
limit.  They are part of the new OpenPGP standard.

Just like DSA1 keys have a 160-bit hash size hardcoded into them, DSA2
keys have their hash size hardcoded into them.  This size cannot be
changed once the key is generated.  The hash you use when signing with
this key must be at least the hash size hardcoded into the key.  This
means, for example, if you pick a 256-bit hash size, you cannot use
SHA-1 at all (as it is only 160 bits).  Using hashes that are too
large is allowed, but the hash will be truncated to fit.

The current key size / hash size lineup is to do 160 bits of hash for
a key size of 1024 (same as DSA1), 224 bits of hash for key sizes from
1024 up to 2048, and 256 bits of hash for key sizes from 2048 up to

I know that a number of people here track the latest svn copy of
GnuPG, so I have both a request and warning.  The request is to try
this out and see how it works for you.  The warning is to be very
careful with using these keys - for today and the at least the near
future, there are going to be severe compatibility problems with this.
Many people won't even be able to import your DSA2 key (can't verify
the self-signature).  I know from some testing that PGP 8 and 9 can
handle these keys and signatures.  GnuPG 1.4.3 can also handle them.
Anything else will probably break in various ways.

The magic phrase to turn all this on is --enable-dsa2 on the GPG
command line.


More information about the Gnupg-devel mailing list