batch create DSA2

David Shaw dshaw at jabberwocky.com
Fri Aug 1 04:17:23 CEST 2008


On Jul 31, 2008, at 9:30 PM, Nicholas Cole wrote:

> Dear List,
>
> A quick question about key generation using --batch --key-gen.
>
> Am I right that, using the option --openpgp, a DSA2 key can be created
> just by using
>
> Key-Type: DSA
>
> and a key-size longer than 1024.  I.e. there is no specific Key-Type
> for DSA2 keys?

Sort of.  There is no real distinction between DSA and DSA2.  There is  
just DSA.  However, the hashes that you can use with the key are  
dependent on the key length.  It breaks down like this:

length over 2048  ===  256 bit hash
length between 1025 and 2048 === 224 bit hash
length between 0 and 1024 === 160 bit hash

> Or is it the case that if DSA2 keys are enabled, even a 1024 length
> key will be DSA2 (and use new hashes etc)?

A 1024 bit DSA key can only use 160-bit hashes.  You can use whatever  
hash you like (even the huge SHA512), but you're only going to get 160  
bits worth of it.

David
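
Added example, not part of the original message and not GnuPG's own code: a Python sketch of the length breakdown above and of what "only 160 bits worth" of a larger hash means. It assumes the truncation keeps the leftmost bits of the digest, and the names `usable_hash_bits` and `dsa_signed_value` are hypothetical. Rejecting a hash shorter than the key can use is a policy chosen for this example.

```python
import hashlib


def usable_hash_bits(key_bits: int) -> int:
    """Hash size a DSA key of this length can use, per the breakdown in the reply."""
    if key_bits <= 0:
        raise ValueError("key length must be positive")
    if key_bits <= 1024:
        return 160
    if key_bits <= 2048:
        return 224
    return 256


def dsa_signed_value(key_bits: int, hash_name: str, message: bytes) -> int:
    """Integer that ends up being signed: the leftmost usable bits of the digest.

    Assumption of this example: truncation keeps the leftmost bits.
    """
    q_bits = usable_hash_bits(key_bits)
    digest = hashlib.new(hash_name, message).digest()
    hash_bits = len(digest) * 8
    if hash_bits < q_bits:
        # Policy chosen for this example: refuse a hash that is too short
        # for the key (for instance SHA-1 with a 2048-bit key).
        raise ValueError(
            f"{hash_name} gives {hash_bits} bits, key needs {q_bits}"
        )
    # Drop everything to the right of the first q_bits bits.
    return int.from_bytes(digest, "big") >> (hash_bits - q_bits)


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    for key_bits, name in [(1024, "sha1"), (1024, "sha512"),
                           (2048, "sha256"), (3072, "sha256")]:
        value = dsa_signed_value(key_bits, name, msg)
        print(f"{key_bits}-bit key, {name}: "
              f"{usable_hash_bits(key_bits)} bits used -> {value:x}")
    try:
        dsa_signed_value(2048, "sha1", msg)
    except ValueError as exc:
        print("rejected:", exc)
```
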
