Insufficient/missing check on libgcrypt when gpg2 is used with --enable-dsa2?

Michael Bienia michael at
Wed Apr 2 13:00:47 CEST 2008


I tried to generate a DSA2 key on my Ubuntu hardy box. I have gnupg2
2.0.9 (I took the Debian unstable package and build it on my box) and
libgcrypt11 1.2.4 (from the Ubuntu archive) installed.

I called gpg2 with --enable-dsa2 --gen-key and tried to generate a
3072/4096 DSA2 key which ended in:

gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
gpg2: dsa.c:187: generate: Assertion `nbits >= 512 && nbits <= 1024' failed.
Aborted (core dumped)

After upgrading libgcrypt to 1.4.0 (taken from Debian unstable) it
worked then as expected.

Shouldn't then gpg2 require libgcrypt >= 1.4.0 during build or check
during runtime if the installed libgcrypt supports DSA2 when one tries to
generate/use such a key?


More information about the Gnupg-devel mailing list