Are DSA2 signing keys backwards compatible?

David Picón Álvarez david at
Mon Feb 11 14:44:32 CET 2008

> Again its all very confusing to me -- math aside and practical
> considerations why you wouldn't want to mix and match key types and
> hash lengths.  Again Robert Hansen has wisely suggested use the
> defaults -- I'm understanding this more and more -- however when I see
> showpref statements that would suggest SHA-1 is the default hash, when
> in actuality with larger DSA keys it is not, I get rather frustrated.

I think you have some level of misunderstanding about what, where, and how 
different algorithms are used, and what prefs refer to. I'll try to explain 
it in short, and forgive me if this is old for you and I assumed wrongly.

A keypair contains (simplifying) a public and private key plus metadata. 
Among the metadata there is a self signature, by which the private key signs 
the hash of the public key and other key elements. This hash is NOT 
determined by key preferences, key preferences are means to signal to other 
people what hashes they should use when they issue signatures for you. 
Likewise, the private key is encrypted on secring.gpg, and the algorithm 
used to encrypt it has nothing to do with key preferences, it is a private 
matter. Key preferences are ALWAYS hints to someone else about what 
algorithms you are willing and able to deal with when THEY send you data. 
They have nothing to do with the algorithms you use for encrypting to 
others, encrypting symetrically, hashing your key, and so on, beyond the 
obvious fact that you should be able to deal with all algorithms you place 
in prefs, as well as those used for your own key. These decisions are taken 
mostly through defaults, although it is also possible to use modifiers on 
the command line or options file in order to determine which hashes, or 
which algorithms to use for encrypting the private key.


More information about the Gnupg-users mailing list