genkey for DSA with 2048 bit
David Shaw
dshaw at jabberwocky.com
Mon May 10 15:37:45 CEST 2010
On May 10, 2010, at 8:23 AM, Harakiri wrote:
> Hello,
>
> the old DSA standard only supported 1024 bit, however the newer with SHA256 support 2048 and more.
>
> I tried it with the --genkey command, i tried
>
> Key-Type: DSA2
> Key-Type: DSA-2
> Key-Type: DSASHA256
>
> no dice, how can you generate these kind of keys?
I assume you are doing a --batch key generation (as that is the one that uses a "Key-Type" field). To generate a > 1024 bit DSA key, just generate a regular DSA key and request a Key-Length that is larger than 1024 bits. You need a recent version of GPG (1.4.4 for the 1.x branch), and until the latest release, you had to provide --enable-dsa2 as well.
> And, do old gpg versions verify such signatures correctly?
Only 1.4.4 and later for the 1.x branch. I don't recall which 2.x version added support.
David
More information about the Gnupg-users
mailing list