Signature key length limitations

Len Sassaman rabbi@quickie.net
Wed Aug 21 04:53:02 2002


On Tue, 20 Aug 2002, Aaron Lehmann wrote:

> On Tue, Aug 20, 2002 at 07:32:02PM -0700, Len Sassaman wrote:
> > > I want to generate a signature key that's longer than 1024 bits.
> > > However, this isn't allowed by the DSA standard, and GPG tells me that
> > > using ElGamal for signature keys is "deperecated". While GPG doesn't
> > > say the same thing about RSA, it seems unusual to be generating RSA
> > > OpenPGP keys in the 21st century.
> >
> > Why? It makes more sense to use RSA keys now than it did last decade, when
> > there were patent problems.
>
> I think I'm confusing RSA keys and PGP2 keys.

Yep, likely.

> RSA is a great cryptosystem and I have nothing against it.
>
> However, I don't like the constraints that used to be placed on RSA
> keys back when PGP only supported RSA.

Right. RSA v3 keys (the RSA keys that PGP 2.x used) have a number of
problems with them, and are rightfully depricated.

> If I generate a RSA key with a modern OpenPGP implementation (GPG),
> will it act like old-style PGP RSA keys? For example, will MD5 or
> SHA-1 be used as the hash function for signature generation?

GnuPG can interact with RSA v3 keys (old-style RSA keys), but if you
generate an RSA key with GnuPG, it will be V4, and have all the associated
properties. (Just like DSA v4 keys, it will have a primary key for
signing, and a subkey for encryption. These are actually two seperate RSA
keys).

> Will PGP5 and up interoperate with GPG-generated RSA keys?

Not entirely. PGP and GnuPG added support for RSA v4 keys at about the
same time -- two years ago -- which means that PGP 7.x and up supports RSA
v4 keys, but previous versions do not have full support.

Previous versions of PGP should probably be upgraded, though.


--Len.