Are DSA2 signing keys backwards compatible?
David Picón Álvarez
david at miradoiro.com
Mon Feb 11 14:44:32 CET 2008
> Again its all very confusing to me -- math aside and practical
> considerations why you wouldn't want to mix and match key types and
> hash lengths. Again Robert Hansen has wisely suggested use the
> defaults -- I'm understanding this more and more -- however when I see
> showpref statements that would suggest SHA-1 is the default hash, when
> in actuality with larger DSA keys it is not, I get rather frustrated.
I think you have some level of misunderstanding about what, where, and how
different algorithms are used, and what prefs refer to. I'll try to explain
it in short, and forgive me if this is old for you and I assumed wrongly.
A keypair contains (simplifying) a public and private key plus metadata.
Among the metadata there is a self signature, by which the private key signs
the hash of the public key and other key elements. This hash is NOT
determined by key preferences, key preferences are means to signal to other
people what hashes they should use when they issue signatures for you.
Likewise, the private key is encrypted on secring.gpg, and the algorithm
used to encrypt it has nothing to do with key preferences, it is a private
matter. Key preferences are ALWAYS hints to someone else about what
algorithms you are willing and able to deal with when THEY send you data.
They have nothing to do with the algorithms you use for encrypting to
others, encrypting symetrically, hashing your key, and so on, beyond the
obvious fact that you should be able to deal with all algorithms you place
in prefs, as well as those used for your own key. These decisions are taken
mostly through defaults, although it is also possible to use modifiers on
the command line or options file in order to determine which hashes, or
which algorithms to use for encrypting the private key.
More information about the Gnupg-users