gpg rejects SHA224 with DSA-2048
Kevin Kammer
mephisto at fastmail.net
Sun Nov 8 01:48:01 CET 2009
If I attempt to create a data signature using a 2048-bit DSA signing
key, and the SHA224 hash algorithm, GnuPG complains as follows:
~ $ gpg -u A39CE7E5 --digest-algo H11 -b test.txt
...
2048-bit DSA key, ID A39CE7E5, created 2009-11-02 (main key ID 14CA0E78)
gpg: writing to `test.txt.asc'
gpg: DSA key A39CE7E5 requires a 256 bit or larger hash
gpg: signing failed: general error
~ $
However, RFC4880 and FIPS186 clearly state:
...that DSA be used in one of the following ways:
...
* 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512
hash
...
To the best of my knowledge, DSA with a 2048-bit key length only uses
224 bits of hash material. So, even if GnuPG insists that a 256 hash be
used, the digest is being truncated to 224 bits anyway.
While I realize that the SHA224 algo is essentially the SHA256 algo set
to spit out 224 bits--and therefore the difference between invoking
SHA224 vs. invoking SHA256 and truncating is essentially academic--it
still seems odd that GnuPG would reject SHA224 out of hand. If nothing
else, it does not seem to be in keeping with the OpenPGP standard.
Does anybody know why GnuPG rejects SHA224 with 2048-bit DSA signing
keys?
More information about the Gnupg-users
mailing list