Gnupg: display p and q lengths of DSA public keys?

David Shaw dshaw at
Thu Dec 1 22:00:31 CET 2011

On Dec 1, 2011, at 1:50 PM, Pat Hall DDPMOSTL wrote:

> In attempting to determine whether a given GPG public key is still in the "acceptable" category of U.S. NIST SP 800-131A standards as of 2011, for DSA keys I need to be able to verify both the |p| and |q| lengths.
> In particular, I need to verify that DSA keys have |p| >= 2048 bits AND have |q| >= 224 bits.
> I can see numbers in the below examples of a DSA key of pkd:1:160 and pkey[1]: [160 bits] - these look like the |q| value (which is in the "Deprecated from 2011 through 2013, and Disallowed after 2013 range), but I'd like verification that.

Yes.  When listing a DSA key or subkey, the lengths given in pkd:0 or pkey[0] are for "p", and the lengths given in pkd:1 or pkey[1] are for "q".


More information about the Gnupg-users mailing list