DSA keys limited to 3072 bits in GnuPG -- should have harder failure mode?
Werner Koch
wk at gnupg.org
Wed Sep 29 10:44:31 CEST 2010
On Tue, 28 Sep 2010 19:23, dkg at fifthhorseman.net said:
> in writing up a little benchmarking script, i noticed that DSA keys are
> limited to 3072 bits max.
That is per FIPS 186-3.
> The attached patch is a proposal to fail hard in this situation.
Which would break a couple of frontends. This also allows us to
silently allow larger keys once it has been defined - despite that
nobody will ever use DSA keys > 3072.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list