Are DSA2 signing keys backwards compatible?

Kevin Hilton kevhilton at
Mon Feb 11 05:53:23 CET 2008

>You could use SHA-512 with
>it if you liked, but the hash would be truncated to 256 bits.

Interesting.  Are the higher or lower bits truncated?

>We follow the advice in FIPS 180-3:
>      L = 1024, N = 160
>      L = 2048, N = 224
>      L = 3072, N = 256

Ok.  So back to the ever asking defaults question, so why when I
produce a 3072 bit DSA signing key, why isnt my first digest hash
preference or choice SHA-256?  Here is what I am getting:

pub  3072D/0053175A  created: 2007-11-14  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  4096g/51BFA0E0  created: 2007-11-14  expires: never       usage: E
[ unknown] (1). -----------------------------------------------------

Command> showpref
[ unknown] (1). -----------------------------------------------------
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

It would seem in fact that my digest preferences should only be SHA256
or SHA512 based on the information provided!  SHA1 or RIPEMD160
shouldn't even be listed here, correct?

More information about the Gnupg-users mailing list