Draft of nine new FAQ questions

Robert J. Hansen rjh at sixdemonbag.org
Wed May 23 22:45:30 CEST 2012

On 5/23/12 4:12 PM, David Shaw wrote:
> #1 explains why we default to 2048-bit keys, but not why RSA.

Fixed, thank you.

> The answer you have for #4 is not exactly wrong, but it is not
> complete.  GnuPG doesn't support 4096-bit keys just because PGP (the
> product) does.  It also supports a range of key sizes because OpenPGP
> (the standard) does.

I don't want to seem argumentative (especially because I haven't looked
at the RFC lately), but I was under the impression the RFC was mostly
silent on the subject of algorithms and key sizes -- DSA being a MUST
algorithm, but little guidance beyond that.  Am I in error?

(That said, the text has been fixed: thank you.)

> For #10, it might be worth mentioning something about the use of
> different hash lengths (q) for the different DSA sizes.  The two sort
> of go hand in hand.  Or for that matter, perhaps a question #11 "How
> come my signatures from my 2048-bit DSA key use a different hash than
> those from my 1024-bit DSA key?" would be interesting.

