DSA key sizes

David Shaw dshaw at jabberwocky.com
Mon Nov 10 14:32:52 CET 2014

On Nov 10, 2014, at 7:00 AM, Nicholas Cole <nicholas.cole at gmail.com> wrote:

> Just out of curiosity: DSA key sizes are now rounded to one of 3
> values, whereas RSA keys are available in a range of sizes between two
> limits.  Why the difference?

FIPS-186-3, the document that specifies DSS (aka DSA with some additional restrictions as to algorithm, key length, etc) specifies 4 key sizes:

  1024 bit key, 160 bit hash
  2048-bit key, 224 bit hash
  2048-bit key, 256 bit hash
  3072-bit key, 256 bit hash.

To be closer to FIPS, GnuPG rounds up to the next 1024-bit boundary when making DSA keys.  The hash rules are keys 2048 bits and over use a 256-bit hash, keys over 1024 bits use a 224 bit hash, and 1024 and under use a 160 bit hash (classic DSA).  GnuPG skips the 2048/224 option in favor of 2048/256.

In --expert mode you can select whatever key size you like without rounding, but the same hash size rules still apply.


More information about the Gnupg-users mailing list