Werner Koch wk at
Mon Nov 10 17:31:47 CET 2014

On Mon, 10 Nov 2014 15:32, kristian.fiskerstrand at
> This is not necessarily true if [RFC6979]: "Deterministic Usage of the
> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
> Algorithm (ECDSA)" is used.

Which is used in 2.1: 

commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd
Author: Werner Koch <wk at>
Date:   Sat Sep 7 10:06:46 2013 +0200

    Switch to deterministic DSA.
    * agent/pksign.c (rfc6979_hash_algo_string): New.
    (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
    Now that we have a good (and not NSA/NIST demanded ;-) specification
    on how to use DSA without a random nonce, we take advantage of it and
    thus avoid pitfalls related to a misbehaving RNG during signature
    Note that OpenPGP has the option of using a longer hash algorithm but
    truncated to what is suitable for the used DSA key size.  The hash
    used as input to RFC-6979 will also be one with an appropriate digest
    length but not a truncated one.  This is allowed by RFC-6979.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list