DSA keys limited to 3072 bits in GnuPG -- should have harder failure mode?

Werner Koch wk at gnupg.org
Wed Sep 29 10:44:31 CEST 2010


On Tue, 28 Sep 2010 19:23, dkg at fifthhorseman.net said:

> in writing up a little benchmarking script, i noticed that DSA keys are
> limited to 3072 bits max.

That is per FIPS 186-3.

> The attached patch is a proposal to fail hard in this situation.

Which would break a couple of frontends.  This also allows us to
silently allow larger keys once it has been defined - despite that
nobody will ever use DSA keys > 3072.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list