Are DSA2 signing keys backwards compatible?

David Shaw dshaw at
Mon Feb 11 16:06:03 CET 2008

On Mon, Feb 11, 2008 at 02:58:37PM +0100, Sven Radde wrote:
> David Shaw schrieb:
> > No.  Preferences, including the digest preferences, are not relevant
> > here at all.  This is a signature *you* are making.  The digest
> > preferences are consulted when someone *else* is making a signature,
> > and wants to know if you can handle it.
> How would "someone else" (i.e. his GnuPG application) know that he is
> signing *for me*? Except, that is, if he is encrypting to me at the same
> time.

Exactly what you said - it only happens if he is encrypting to you at
the same time.

> For me, it would appear that consulting the preferences of the signing
> key is sensible when deciding about the hash function to use in the
> signature. Of course, given that you create signatures at your own
> system, looking at personal-hash-preferences is also sensible (although
> one might have different preferences when using different keys - i.e. to
> match sizes).
> What is GnuPG's way to choose a hash function, when no recipient is
> apparent (e.g., detached signing of software packages) and no
> preferences are available?

If there is a personal-hash-preference set, we use them.  For RSA,
that means to take the first one on the list, and if none are set, use
SHA-1.  For DSA, that means take the first one that is legal given the
signing key (i.e. large enough).  If there are no personal hash
preferences set, or none of the supplied preferences are legal, then
take the shortest SHA-x that matches the DSA2 key size.


More information about the Gnupg-users mailing list