Are DSA2 signing keys backwards compatible?

David Shaw dshaw at jabberwocky.com
Mon Feb 11 04:01:42 CET 2008


On Sun, Feb 10, 2008 at 08:30:24PM -0600, Kevin Hilton wrote:
> Just to clarify for some other users,
> 
> What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
> and the additional SHA hashes introduced?

They were not introduced at the same time.  As you said in your
earlier mail, DSA2 was introduced in 1.4.8.  The new SHA hashes were
introduced in the 1.3.x development series.  All 1.4 and later GPGs
(including the 2.x series) have them.

> A little off topic, but I'm predicting a future foreseeable bump in the
> road when the Secure Hash Standard is named in 2011 (or whenever the
> recent NIST hash analysis is concluded).  I guess however the
> personal-hash-preferences would bypass this problem and default to
> SHA1 if a new hash (or series of new hashes) is introduced.

It doesn't work that way.  SHA-1 doesn't even work with DSA2 keys.
DSA2 doesn't mean "a bigger DSA key".  It means "a bigger hash with a
bigger DSA key".  DSA2 allows for any hash size that is equal to or
greater than the hash size that was used when generating the key.
Thus, for example, it is legal (albeit silly) to use SHA-512 with an
old DSA key (which uses a 160-bit hash).  We just truncate to fit.

There is no special magic with the new hashes - once they exist, we'll
use them.

> Hopefully md5 support is abandoned, however I guess for historical
> purposes this would be unlikely to happen.

Have you tried using MD5 recently?

> Even more challenging will be when longer DSA keys become the de-facto
> standard.  I would guess there is not any similar workaround.  I guess
> users of older GnuPG versions would simply have to upgrade.

This is not how it works.  There is nothing becoming de-facto here.
Longer DSA keys are the de-jure standard today, and people are just
going to have to upgrade.

David
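
The "truncate to fit" rule described in the message above, shown as an added example that is not part of the original post and is not GnuPG's code. The toy group (P=607, Q=101, G=64), the key X=57 and all function names are constructed for illustration; taking the leftmost bits of the digest is the truncation FIPS 186-3 specifies.

```python
import hashlib
import secrets

# Toy DSA group, constructed for this example (far too small for real use):
# Q divides P - 1, and G = 2^((P-1)/Q) mod P has order Q.
P, Q, G = 607, 101, 64
X = 57              # constructed private key
Y = pow(G, X, P)    # matching public key

def hash_allowed(hash_name, qbits):
    """Rule from the post: the digest must be at least as wide as q."""
    return hashlib.new(hash_name).digest_size * 8 >= qbits

def truncate_digest(digest, qbits):
    """Keep the leftmost qbits bits of the digest, as an integer."""
    excess = len(digest) * 8 - qbits
    value = int.from_bytes(digest, "big")
    return value >> excess if excess > 0 else value

def message_to_z(message, hash_name, q):
    qbits = q.bit_length()
    if not hash_allowed(hash_name, qbits):
        raise ValueError(f"{hash_name} is narrower than the {qbits}-bit q")
    return truncate_digest(hashlib.new(hash_name, message).digest(), qbits)

def sign(message, hash_name, x):
    z = message_to_z(message, hash_name, Q)
    while True:
        k = 1 + secrets.randbelow(Q - 1)        # fresh nonce in [1, Q-1]
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (z + x * r) % Q
        if r and s:                             # retry on a degenerate value
            return r, s

def verify(message, hash_name, y, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    z = message_to_z(message, hash_name, Q)
    w = pow(s, -1, Q)
    v = pow(G, z * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

if __name__ == "__main__":
    for name in ("sha1", "sha256", "sha512"):   # all truncated to 7 bits here
        print(name, verify(b"constructed message", name, Y,
                           sign(b"constructed message", name, X)))
```

With a real 160-bit q the same check accepts SHA-1 and anything wider; with a 224- or 256-bit q, message_to_z rejects SHA-1 before any signing happens.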


