Signature key length limitations

Len Sassaman
Wed Aug 21 04:31:01 2002

On Tue, 20 Aug 2002, Aaron Lehmann wrote:

> Hello,
> I want to generate a signature key that's longer than 1024 bits.
> However, this isn't allowed by the DSA standard, and GPG tells me that
> using ElGamal for signature keys is "deperecated". While GPG doesn't
> say the same thing about RSA, it seems unusual to be generating RSA
> OpenPGP keys in the 21st century.

Why? It makes more sense to use RSA keys now than it did last decade, when
there were patent problems.

> What's the best way to go about generating a large signature key (and
> why doesn't GPG provide a clear way to do so using a discrete-log
> problem based algorithm)?

There are pitfalls that can result in key compromise in doing ElGamal
signatures. No other OpenPGP implimentation supports them, whereas all
modern OpenPGP implimentations support RSA v4 keys.