Gnupg: display p and q lengths of DSA public keys?
Pat Hall DDPMOSTL
pat.hall at ddpmo.org
Thu Dec 1 19:50:02 CET 2011
In attempting to determine whether a given GPG public key is still in the "acceptable" category of U.S. NIST SP 800-131A standards as of 2011, for DSA keys I need to be able to verify both the |p| and |q| lengths.
In particular, I need to verify that DSA keys have |p| >= 2048 bits AND have |q| >= 224 bits.
I can see numbers in the below examples of a DSA key of pkd:1:160 and pkey[1]: [160 bits] - these look like the |q| value (which is in the "Deprecated from 2011 through 2013, and Disallowed after 2013" range), but I'd like verification of that.
I've tried
gpg2 --list-keys --with-key-data
which gives something like:
pub:-:1024:
pkd:0:1024:
pkd:1:160:
pkd:2:1024:
pkd:3:1021:
uid:-::::
sub:-:2048:
pkd:0:2048:
pkd:1:2:02:
pkd:2:2046:
And
gpg --export-options export-minimal --export <keyid> | gpg --list-packets
Which gives something like
:public key packet:
version 4, algo 17, created ..., expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1024 bits]
pkey[3]: [1022 bits]
keyid: ...
:user ID packet: "..."
:signature packet: algo 17, keyid ...
version 4, created ..., md5len 0, sigclass 0x10
digest algo 2, begin of digest ...
hashed subpkt 2 len 4 (sig created ...)
hashed subpkt 11 len 6 (pref-sym-algos: ...)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 27 len 4 (key flags: ...)
subpkt 16 len 8 (issuer key ID ...)
data: [160 bits]
data: [160 bits]
:public sub key packet:
version 4, algo 16, created ..., expires 0
pkey[0]: [2048 bits]
pkey[1]: [2 bits]
pkey[2]: [2048 bits]
keyid: ...
:signature packet: algo 17, keyid ...
version 4, created ..., md5len 0, sigclass 0x18
digest algo 2, begin of digest ...
hashed subpkt 2 len 4 (sig created ...)
hashed subpkt 27 len 4 (key flags: ...)
subpkt 16 len 8 (issuer key ID ...)
data: [159 bits]
data: [160 bits]
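An added example, not part of the original message: a parser for the colon-delimited listing shown above that applies the post's |p| >= 2048 and |q| >= 224 test to each DSA key. It relies on RFC 4880 ordering the DSA public-key MPIs as p, q, g, y (so pkd:0 is p and pkd:1 is q) and on GnuPG's colon format carrying the algorithm in field 4 and the key ID in field 5; the sample input, key IDs and the name check_dsa_keys are constructed for illustration.

```python
import sys

DSA_ALGO = "17"             # OpenPGP public-key algorithm ID for DSA (RFC 4880)
MIN_P, MIN_Q = 2048, 224    # thresholds stated in the post

# Constructed sample in GnuPG colon format; key IDs, dates and MPI values are placeholders.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1322765402:::-:::scESC:
pkd:0:1024:00:
pkd:1:160:00:
pkd:2:1024:00:
pkd:3:1021:00:
uid:-::::1322765402::0000::Constructed Example <user@example.invalid>:
sub:-:2048:16:BBBBBBBBBBBBBBBB:1322765402::::::e:
pkd:0:2048:00:
pkd:1:2:02:
pkd:2:2046:00:
pub:-:2048:17:CCCCCCCCCCCCCCCC:1322765402:::-:::scESC:
pkd:0:2048:00:
pkd:1:256:00:
pkd:2:2047:00:
pkd:3:2048:00:
"""

def check_dsa_keys(colon_output):
    """Return (keyid, p_bits, q_bits, acceptable) for every DSA pub/sub record."""
    keys, current = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            # Field 4 is the algorithm, field 5 the key ID; non-DSA keys are skipped.
            is_dsa = len(f) > 4 and f[3] == DSA_ALGO
            current = {"id": f[4], "bits": {}} if is_dsa else None
            if current is not None:
                keys.append(current)
        elif (f[0] == "pkd" and current is not None and len(f) > 2
              and f[1].isdigit() and f[2].isdigit()):
            current["bits"][int(f[1])] = int(f[2])   # pkd:<index>:<bits>:<value>:
    results = []
    for k in keys:
        # DSA MPI order is p, q, g, y; a missing pkd record counts as 0 bits and fails.
        p, q = k["bits"].get(0, 0), k["bits"].get(1, 0)
        results.append((k["id"], p, q, p >= MIN_P and q >= MIN_Q))
    return results

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for keyid, p, q, ok in check_dsa_keys(data):
        print(f"{keyid} |p|={p} |q|={q} {'OK' if ok else 'BELOW THRESHOLD'}")
```

Piping the output of `gpg2 --list-keys --with-key-data` into the script checks a real keyring; run without piped input, it reports on the constructed sample.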