gpg rejects SHA224 with DSA-2048

Werner Koch wk at gnupg.org
Mon Nov 9 11:52:48 CET 2009


On Mon,  9 Nov 2009 04:17, rjh at sixdemonbag.org said:

> When did this changeover take place, and is there any way to get the old
> behavior back?

On 2009-07-09; that is since 1.4.10 / 2.0.13.  There is no option to
change it back.  The code in g10/keygen.c reads:

    /*
      Figure out a q size based on the key size.  FIPS 180-3 says:

      L = 1024, N = 160
      L = 2048, N = 224
      L = 2048, N = 256
      L = 3072, N = 256

      2048/256 is an odd pair since there is also a 2048/224 and
      3072/256.  Matching sizes is not a very exact science.
      
      We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
      but less than 2048, and 160 for 1024 (DSA1).
    */

    if(nbits>2047)
      qbits=256;
    else if(nbits>1024)
      qbits=224;
    else
      qbits=160;



Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
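
An added example, not part of the original message and not GnuPG source beyond the quoted q-size selection: it applies that selection to common key sizes and lists which digests are wide enough. The rule that a digest must be at least qbits wide is an assumption taken from the thread subject; the digest table and the names dsa_qbits, digest_fits and smallest_digest are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* q size selection, as quoted above from g10/keygen.c (1.4.10 / 2.0.13). */
static unsigned int dsa_qbits(unsigned int nbits)
{
    if (nbits > 2047)
        return 256;
    else if (nbits > 1024)
        return 224;
    return 160;
}

/* Digest output sizes in bits (fixed properties of the algorithms). */
struct digest { const char *name; unsigned int bits; };
static const struct digest digests[] = {
    {"SHA1", 160},   {"RIPEMD160", 160}, {"SHA224", 224},
    {"SHA256", 256}, {"SHA384", 384},    {"SHA512", 512},
};
#define NDIGESTS (sizeof digests / sizeof digests[0])

/* Assumed rule: a digest is usable only if it is at least qbits wide.
   Returns 1 if usable, 0 if too short, -1 for an unknown digest name. */
static int digest_fits(const char *name, unsigned int nbits)
{
    for (size_t i = 0; i < NDIGESTS; i++)
        if (strcmp(digests[i].name, name) == 0)
            return digests[i].bits >= dsa_qbits(nbits);
    return -1;
}

/* Name of the narrowest digest that satisfies the assumed rule. */
static const char *smallest_digest(unsigned int nbits)
{
    const struct digest *best = NULL;
    for (size_t i = 0; i < NDIGESTS; i++)
        if (digests[i].bits >= dsa_qbits(nbits) &&
            (best == NULL || digests[i].bits < best->bits))
            best = &digests[i];
    return best ? best->name : NULL;
}

int main(void)
{
    static const unsigned int sizes[] = {1024, 1536, 2047, 2048, 3072};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("DSA-%u: q=%u, SHA224 fits=%d, smallest digest=%s\n",
               sizes[i], dsa_qbits(sizes[i]),
               digest_fits("SHA224", sizes[i]), smallest_digest(sizes[i]));
    return 0;
}
```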



