Are DSA2 signing keys backwards compatible?
Sven Radde
email at sven-radde.de
Mon Feb 11 14:58:37 CET 2008
David Shaw schrieb:
> No. Preferences, including the digest preferences, are not relevant
> here at all. This is a signature *you* are making. The digest
> preferences are consulted when someone *else* is making a signature,
> and wants to know if you can handle it.
How would "someone else" (i.e. his GnuPG application) know that he is
signing *for me*? Except, that is, if he is encrypting to me at the same
time.
For me, it would appear that consulting the preferences of the signing
key is sensible when deciding about the hash function to use in the
signature. Of course, given that you create signatures at your own
system, looking at personal-hash-preferences is also sensible (although
one might have different preferences when using different keys - i.e. to
match sizes).
What is GnuPG's way to choose a hash function, when no recipient is
apparent (e.g., detached signing of software packages) and no
preferences are available?
Conservatively, I would say SHA-1, it being the only MUST algorithm of
the RFC (or did this change with 4880?). But for DSA2, this seems not
viable. So, is it the shortest SHA-x for the DSA2 key's size, in this case?
cu, Sven
More information about the Gnupg-users
mailing list