genkey for DSA with 2048 bit

David Shaw dshaw at
Mon May 10 15:37:45 CEST 2010

On May 10, 2010, at 8:23 AM, Harakiri wrote:

> Hello,
> the old DSA standard only supported 1024 bit, however the newer with SHA256 support 2048 and more.
> I tried it with the --genkey command, i tried
> Key-Type: DSA2
> Key-Type: DSA-2
> Key-Type: DSASHA256
> no dice, how can you generate these kind of keys?

I assume you are doing a --batch key generation (as that is the one that uses a "Key-Type" field).  To generate a > 1024 bit DSA key, just generate a regular DSA key and request a Key-Length that is larger than 1024 bits.  You need a recent version of GPG (1.4.4 for the 1.x branch), and until the latest release, you had to provide --enable-dsa2 as well.

> And, do old gpg versions verify such signatures correctly?

Only 1.4.4 and later for the 1.x branch.  I don't recall which 2.x version added support.


More information about the Gnupg-users mailing list