Looking for Elgamal sign+encrypt key information

David Shaw dshaw at jabberwocky.com
Mon Mar 22 01:43:04 CET 2004

On Sun, Mar 21, 2004 at 11:35:59AM -0700, Kurt Fitzner wrote:
> Atom 'Smasher' wrote:
> >since you mention lobbying for the algorithms, protocols, and standards
> >that offer real protection, i'll ask the list, again, what's the current
> >status of DSS/DSA variants that allow larger keys and hashes? when will
> >this become a standard that can be used in "end products" like gpg? should
> >the current openPGP draft be including a "reserved" status for such
> >signatures?
> Apparantly some of the changes have already made it into DSS.  For quite
> some time, too.  As of October 1, 2001, ANSI X9.31 (rDSA) which is an
> RSA-based signature algorithm that supports >1024-bit keys, was added
> into the DSS.  This is specified in FIPS 186-2, which now supercedes the
> original DSS FIPS 186-1.

OpenPGP has a RSA-based signature algorithm that supports >1024-bit
keys.  It's, well, RSA ;)

> Additionally, the new DSS now also supports eliptic curve keys as
> specified in ANSI X9.62.[1]

There is a reserved algorithm number in OpenPGP for ECDSA, but nobody
has decided upon and written down the details of the packet formats
and other details of how it would work in OpenPGP.

> My research hasn't uncovered whether or not this new DSS is a topic of
> discussion for inclusion with the updated OpenPGP.  Does anyone here know?

It hasn't been discussed.  What's to add?  OpenPGP has DSA already, it
doesn't need rDSA, and has a reserved slot for ECDSA for whenever
someone wants to add it.  The fact that nobody has done this leads me
to believe there is not strong interest in it.


More information about the Gnupg-users mailing list