Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash
Werner Koch
wk at gnupg.org
Mon Mar 17 16:49:01 CET 2014
On Mon, 17 Mar 2014 15:39, dkg at fifthhorseman.net said:
> So gpg's behavior seems to be non-uniform here. That said, i'd love to
As required by FIPS-186-3, 4.2:

    This Standard specifies the following choices for the pair L and N
    (the bit lengths of p and q, respectively):

        L = 1024, N = 160
        L = 2048, N = 224
        L = 2048, N = 256
        L = 3072, N = 256

and RFC-4880:

    13.6. DSA

    An implementation SHOULD NOT implement DSA keys of size less than
    1024 bits. It MUST NOT implement a DSA key with a q size of less
    than 160 bits. DSA keys MUST also be a multiple of 64 bits, and the
    q size MUST be a multiple of 8 bits. The Digital Signature Standard
    (DSS) [FIPS186] specifies that DSA be used in one of the following
    ways:

      * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384, or
        SHA-512 hash
      * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512
        hash
      * 2048-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash
      * 3072-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash

    The above key and q size pairs were chosen to best balance the
    strength of the key with the strength of the hash. Implementations
    SHOULD use one of the above key and q size pairs when generating DSA
    keys. If DSS compliance is desired, one of the specified SHA hashes
    must be used as well. [FIPS186] is the ultimate authority on DSS,
    and should be consulted for all questions of DSS compliance.
> be able to tell gpg to ignore or explicitly reject signatures made by
> strong keys with MD5 digests.
Run in enforced FIPS mode ;-)
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are governed by a federal law.
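The rule behind the error in the subject line, as an added example that is not part of the thread and not GnuPG's own code: a DSA signature can only be made or verified with a hash whose digest is at least as long as q, and the value actually signed is the leftmost N bits of the digest (the truncation step is from FIPS 186-3 section 4.6, which the thread does not quote). The function names, the structural check in key_sizes_valid, and the inclusion of MD5 in the digest table (to show the "strong key with MD5 digest" case being rejected) are my additions.

```python
import hashlib

# Digest lengths in bits. The SHA entries are the hashes named in RFC 4880
# 13.6; MD5 is added (assumption) only so the rejection case can be shown.
HASH_BITS = {
    "md5": 128, "sha1": 160, "sha224": 224,
    "sha256": 256, "sha384": 384, "sha512": 512,
}

# (L, N) pairs permitted by FIPS 186-3 section 4.2 and RFC 4880 section 13.6.
ALLOWED_LN = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}


def key_sizes_valid(p_bits, q_bits):
    """RFC 4880 13.6 structural rules: p at least 1024 bits and a multiple
    of 64, q at least 160 bits and a multiple of 8."""
    return (p_bits >= 1024 and p_bits % 64 == 0
            and q_bits >= 160 and q_bits % 8 == 0)


def hash_acceptable(q_bits, hash_name):
    """A hash may be used with a DSA key only if its digest is at least
    q bits long; a 256-bit q therefore needs SHA-256 or larger."""
    bits = HASH_BITS.get(hash_name.lower())
    if bits is None:
        raise ValueError(f"unknown hash {hash_name!r}")
    return bits >= q_bits


def allowed_hashes(q_bits):
    """Hashes usable with a given q size, shortest first (this reproduces
    the per-bullet hash lists in RFC 4880 13.6 for the SHA family)."""
    return [name for name, bits in sorted(HASH_BITS.items(), key=lambda kv: kv[1])
            if bits >= q_bits and name != "md5"]


def dsa_hash_value(q_bits, hash_name, message):
    """Return z, the integer DSA signs or verifies: the leftmost
    min(N, outlen) bits of Hash(M) per FIPS 186-3 section 4.6. Hashes
    shorter than q are refused before anything is hashed, mirroring the
    "requires a 256 bit or larger hash" error."""
    if not hash_acceptable(q_bits, hash_name):
        raise ValueError(
            f"DSA key with {q_bits}-bit q requires a {q_bits} bit or larger "
            f"hash, got {hash_name} ({HASH_BITS[hash_name.lower()]} bits)")
    digest = hashlib.new(hash_name, message).digest()
    # q is a multiple of 8 (RFC 4880), so truncation is a whole-byte slice.
    return int.from_bytes(digest[: q_bits // 8], "big")


if __name__ == "__main__":
    # Constructed sample: a 2048/256 key, which is an allowed (L, N) pair.
    assert (2048, 256) in ALLOWED_LN and key_sizes_valid(2048, 256)
    print("hashes usable with q=256:", allowed_hashes(256))
    for h in ("sha1", "md5", "sha256", "sha512"):
        try:
            z = dsa_hash_value(256, h, b"constructed message")
            print(f"{h}: accepted, z has {z.bit_length()} bits")
        except ValueError as e:
            print(f"{h}: rejected: {e}")
```

Note that the MD5 case is rejected by the length comparison alone, so the demo never instantiates MD5 itself; on an interpreter running under enforced FIPS mode (the reply's suggestion) hashlib would refuse to construct it anyway.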