DSA key sizes
David Shaw
dshaw at jabberwocky.com
Mon Nov 10 14:32:52 CET 2014
On Nov 10, 2014, at 7:00 AM, Nicholas Cole <nicholas.cole at gmail.com> wrote:
> Just out of curiosity: DSA key sizes are now rounded to one of 3
> values, whereas RSA keys are available in a range of sizes between two
> limits. Why the difference?
FIPS-186-3, the document that specifies DSS (aka DSA with some additional restrictions as to algorithm, key length, etc) specifies 4 key sizes:
1024-bit key, 160-bit hash
2048-bit key, 224-bit hash
2048-bit key, 256-bit hash
3072-bit key, 256-bit hash
To be closer to FIPS, GnuPG rounds up to the next 1024-bit boundary when making DSA keys. The hash rules are: keys 2048 bits and over use a 256-bit hash, keys over 1024 bits use a 224-bit hash, and 1024 and under use a 160-bit hash (classic DSA). GnuPG skips the 2048/224 option in favor of 2048/256.
In --expert mode you can select whatever key size you like without rounding, but the same hash size rules still apply.
David
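The rounding and hash-size rules David describes, written out as an added example (this is not GnuPG's own code; the function names are this example's own). It also carries the step that makes the hash size matter: FIPS 186-3 signs z = the leftmost min(N, outlen) bits of Hash(M), so a hash shorter than q can only ever fill part of the q-bit space, which is why the GnuPG rule always picks a hash at least as large as q. The sample message is constructed.

```python
import hashlib
import math

# Added example, not GnuPG source. Encodes the rules from the post above:
#  - non-expert mode rounds the key size up to the next 1024-bit boundary
#  - hash size: >=2048 -> 256 bits, >1024 -> 224 bits, <=1024 -> 160 bits
# and the FIPS 186-3 section 4.6 truncation of Hash(M) to min(N, outlen) bits.

# The four (L, N) pairs FIPS 186-3 allows (p size, q/hash size).
FIPS_186_3_SIZES = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}


def gnupg_dsa_hash_bits(key_bits: int) -> int:
    """Hash (q) size GnuPG pairs with a DSA key of key_bits (p) bits."""
    if key_bits >= 2048:
        return 256
    if key_bits > 1024:
        return 224
    return 160


def gnupg_dsa_sizes(requested_bits: int, expert: bool = False) -> tuple[int, int]:
    """Return (key_bits, hash_bits) for a requested DSA key size.

    Non-expert mode rounds up to the next 1024-bit boundary; --expert keeps
    the requested size unrounded. The hash rule applies in both cases.
    """
    if requested_bits <= 0:
        raise ValueError("key size must be positive")
    key_bits = requested_bits if expert else math.ceil(requested_bits / 1024) * 1024
    return key_bits, gnupg_dsa_hash_bits(key_bits)


def is_fips_186_3_pair(key_bits: int, hash_bits: int) -> bool:
    """True if (p bits, q bits) is one of the four FIPS 186-3 combinations."""
    return (key_bits, hash_bits) in FIPS_186_3_SIZES


def effective_hash_bits(hash_name: str, q_bits: int) -> int:
    """Bits of hash output that actually survive into the signed value z."""
    outlen = hashlib.new(hash_name).digest_size * 8
    return min(q_bits, outlen)


def dsa_hash_to_z(message: bytes, hash_name: str, q_bits: int) -> int:
    """z = leftmost min(N, outlen) bits of Hash(M)  (FIPS 186-3, section 4.6).

    With SHA-512 and a 256-bit q the digest is truncated to 256 bits; with
    SHA-1 and a 256-bit q only 160 bits are available, so z never exceeds
    2^160. That shortfall is what the hash >= q rule avoids.
    """
    h = hashlib.new(hash_name, message)
    outlen = h.digest_size * 8
    keep = min(q_bits, outlen)
    return int.from_bytes(h.digest(), "big") >> (outlen - keep)


if __name__ == "__main__":
    for req in (1024, 1500, 2048, 3000, 3072):
        print(req, "->", gnupg_dsa_sizes(req), "expert:", gnupg_dsa_sizes(req, expert=True))
    msg = b"constructed sample message"        # constructed input
    print("sha1 into q=256:", effective_hash_bits("sha1", 256), "bits")
    print("sha512 into q=256:", effective_hash_bits("sha512", 256), "bits")
    print("z bit length (sha1, q=256):", dsa_hash_to_z(msg, "sha1", 256).bit_length())
```

Running it shows 1500 rounding to 2048/256 in normal mode but staying at 1500/224 under --expert, which is exactly why the 224-bit hash is reachable only in expert mode: every rounded size is a multiple of 1024, and everything from 2048 up gets the 256-bit hash.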
More information about the Gnupg-users mailing list