Are DSA2 signing keys backwards compatible?

Kevin Hilton kevhilton at gmail.com
Mon Feb 11 03:30:24 CET 2008


Just to clarify for some other users,

What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
and the additional SHA hashes introduced?

A little of topic, but I'm predicting a future foreseeable bump in the
road when the Secure Hash Standard is named in 2011 (or whenever the
recent NIST hash analysis is concluded).  I guess however the
personal-hash-preferences would bypass this problem and default to
SHA1 if a new hash (or series of new hashes) is introduced.
Hopefully md5 support is abandoned, however I guess for historical
purposes this would be unlikely to happen.

Even more challenging will be when longer DSA keys become the de-facto
standard.  I would guess there is not any similar workaround.  I guess
users of older GnuPG versions would simply have to upgrade.



More information about the Gnupg-users mailing list