DSA2 (was Re: set type digest mode? plus other query)

David Shaw dshaw at jabberwocky.com
Thu Oct 23 20:40:14 CEST 2008


On Thu, Oct 23, 2008 at 12:53:06PM -0400, Werewolf wrote:

> That brings up query for using Engimail with ThunderbirdPortable.  It
> want the gpg binaries in Apps/gpg dir and the keyrings in Data/gpg.  Am
> I to assume the gpg.conf should be with the keyrings (Data/gpg)?

That is the common setup.  I'd go with it unless there is an active
reason not to.

> Secondly I wonder if since my key is 1024 bit DSA that limits the algo
> usable to say sha1, md5, etc?  Saw a note about "--enable-dsa2" option,
> not all applications support this yet. Given latency of the net; is this
> note still very relevant or just slight relevant?

I'm not sure what your question is here.  If your key is 1024 bit DSA,
then you can only use a 160 bit hash with it, which means either SHA-1
or RIPEMD-160.  If your key is 1024 bit DSA and you have --enable-dsa2
set you can use any hash you like that is 160 bits or greater.  You
can never use MD5 with any DSA, as it is only 128 bits long.  Every
other hash in OpenPGP is 160 bits or greater.

David



More information about the Gnupg-users mailing list