gpg rejects SHA224 with DSA-2048

Kevin Kammer mephisto at
Sun Nov 8 03:25:24 CET 2009

On Sat, Nov 07, 2009 at 07:48:01PM -0500 I wrote:
> However, RFC4880 and FIPS186 clearly state:
>      ...that DSA be used in one of the following ways:
>        ...
>      * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512
>        hash
>        ...

I should clarify that I understand the same specification goes on to
approve 2048-bit DSA with a 256-bit q, and I may have been mistaken in
believing that use of 2048-bit DSA will necessarily truncate the value
of q to 224 bits (perhaps someone could enlighten me as to whether or
not this happens).

In either case, however, the OpenPGP standard does specify that SHA224
can be used with 2048-bit DSA. So, my question as to why GnuPG refuses
that combination still stands.

My guess is that perhaps since there is no real advantage to using
SHA224 when SHA256 is available, it is simply not implemented. But I
would appreciate it if someone with more knowledge were to give me an
authoritative answer.


"Le hasard favorise l'esprit préparé."
                      --Louis Pasteur

More information about the Gnupg-users mailing list