DSA2 keys

David Shaw dshaw at jabberwocky.com
Fri May 26 16:44:26 CEST 2006


On Fri, May 26, 2006 at 12:41:47PM +0200, Qed wrote:
> On 05/25/2006 09:50 PM, David Shaw wrote:
> [..snip..]
> > The current key size / hash size lineup is to do 160 bits of hash for
> > a key size of 1024 (same as DSA1), 224 bits of hash for key sizes from
> > 1024 up to 2048, and 256 bits of hash for key sizes from 2048 up to
> > 3072.
> [..snip..]
> Question: will the full hash size be enabled on certification signatures
> too, or will it be truncated to 160 bits?

A signature is a signature is a signature.  Whatever size hash the key
supports, you can use.  If you pick a larger hash, it'll be truncated.

> > I know that a number of people here track the latest svn copy of
> > GnuPG, so I have both a request and warning.  The request is to try
> > this out and see how it works for you.  The warning is to be very
> > careful with using these keys - for today and at least the near
> > future, there are going to be severe compatibility problems with this.
> > Many people won't even be able to import your DSA2 key (can't verify
> > the self-signature).  I know from some testing that PGP 8 and 9 can
> > handle these keys and signatures.  GnuPG 1.4.3 can also handle them.
> > Anything else will probably break in various ways.
> Any hints on sending a DSA2 key to keyservers? This should be avoided.

Keyservers don't validate keys, so this should work fine.  Of course,
not everyone will be able to download and use the key, but the
keyserver shouldn't care either way.

David
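
Added example, not part of the original message and not GnuPG code: a toy DSA sign/verify for the 1024-bit key / 160-bit q case from the lineup above, signing with SHA-256 so the digest has to be truncated. It assumes truncation keeps the leftmost bits of the digest, as FIPS 186-3 specifies; all function names are hypothetical, and the seeded PRNG and parameter generation are for demonstration only.

```python
import hashlib, random
rng = random.Random(2006)  # seeded for a reproducible demo; real DSA needs a CSPRNG

def is_prime(n, rounds=20):  # Miller-Rabin; callers pass only odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def gen_params(pbits=1024, qbits=160):
    """Toy DSA domain parameters (p, q, g) with q dividing p - 1."""
    q = p = 9  # composite placeholders so both search loops run
    while not is_prime(q):
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    while p.bit_length() != pbits or not is_prime(p):
        x = rng.getrandbits(pbits) | (1 << (pbits - 1))
        p = x - x % (2 * q) + 1
    return p, q, pow(2, (p - 1) // q, p)

def hash_to_int(msg, hash_name, q, truncate=True):
    """Digest as an integer; a digest longer than q keeps only its leftmost len(q) bits."""
    digest = hashlib.new(hash_name, msg).digest()
    excess = max(0, len(digest) * 8 - q.bit_length()) if truncate else 0
    return int.from_bytes(digest, "big") >> excess

def sign(msg, hash_name, p, q, g, x):
    k = rng.randrange(1, q)  # per-signature secret nonce
    r = pow(g, k, p) % q
    return r, pow(k, -1, q) * (hash_to_int(msg, hash_name, q) + x * r) % q

def verify(msg, hash_name, sig, p, q, g, y, truncate=True):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w, z = pow(s, -1, q), hash_to_int(msg, hash_name, q, truncate)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r

def demo(msg=b"constructed sample message"):
    p, q, g = gen_params()
    x = rng.randrange(1, q)  # private key; the public key is y = g^x mod p
    sig = sign(msg, "sha256", p, q, g, x)
    args = (msg, "sha256", sig, p, q, g, pow(g, x, p))
    return q.bit_length(), verify(*args), verify(*args, truncate=False)

if __name__ == "__main__":
    print(demo())
```

The third value returned by demo() comes from a verifier that reduces the full 256-bit digest instead of truncating it, which rejects the same signature.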


