gpg rejects SHA224 with DSA-2048
Werner Koch
wk at gnupg.org
Mon Nov 9 11:52:48 CET 2009
On Mon, 9 Nov 2009 04:17, rjh at sixdemonbag.org said:
> When did this changeover take place, and is there any way to get the old
> behavior back?
On 2009-07-09; that is since 1.4.10 / 2.0.13. There is no option to
change it back. The code in g10/keygen.c reads:
/*
Figure out a q size based on the key size. FIPS 180-3 says:
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
2048/256 is an odd pair since there is also a 2048/224 and
3072/256. Matching sizes is not a very exact science.
We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
but less than 2048, and 160 for 1024 (DSA1).
*/
if(nbits>2047)
qbits=256;
else if(nbits>1024)
qbits=224;
else
qbits=160;
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list