gpg rejects SHA224 with DSA-2048

Robert J. Hansen rjh at
Sun Nov 8 03:44:23 CET 2009

Kevin Kammer wrote:
> If I attempt to create a data signature using a 2048-bit DSA signing
> key, and the SHA224 hash algorithm, GnuPG complains as follows:
> ~ $ gpg -u A39CE7E5 --digest-algo H11 -b test.txt

Your key is not on the keyserver network, so that will impair our
ability to help you out with this.

It appears that your key is actually 14CA0E78.  To tell it to use a
particular subkey, you need to append a "!" to the subkey ID.
Otherwise, I believe GnuPG's behavior is to look at the certificate that
subkey belongs to, and use the largest signing subkey on that
certificate.  If you have a 3072-bit signing subkey on 14CA0E78, this
would explain your problem.


~ $ gpg -u A39CE7E5! --digest-algo H11 -b test.txt

More information about the Gnupg-users mailing list