DSA2 compatibility

David Shaw dshaw at jabberwocky.com
Fri May 26 18:13:25 CEST 2006

I was not at all clear with my comments about which versions of PGP
are compatible with DSA2 keys and signatures.  The problem is that
DSA2 means several things:

  1) A DSA key with a key size > 1024 bits
  2) A DSA key with a q size (i.e. hash size) > 160 bits
  3) Allowing truncation of a bigger hash to fit into the however many
     bits the key allows.

As far as I can tell at the moment, PGP 8 allows only #3.  That is, if
you have a regular DSA key (1024 bits, 160-bit hash), you can use a
larger hash like SHA-256 with it.  Of course, you still only get 160
bits of strength (you just can't fit 256 bits into a 160 bit field).

Here's what we have so far:

PGP 8.5 (PGP Command Line): Allows truncation, but no other DSA2

GnuPG 1.4.3: Will verify, but not generate DSA2 keys or signatures.

If someone could check PGP 9, I'd appreciate it.


More information about the Gnupg-devel mailing list