Are DSA2 signing keys backwards compatible?
Kevin Hilton
kevhilton at gmail.com
Mon Feb 11 05:13:11 CET 2008
>It doesn't work that way. SHA-1 doesn't even work with DSA2 keys.
>DSA2 doesn't mean "a bigger DSA key". It means "a bigger hash with a
>bigger DSA key". DSA2 allows for any hash size that is equal to or
>greater than the hash size that was used when generating the key.
>Thus, for example, it is legal (albeit silly) to use SHA-512 with an
>old DSA key (which uses a 160-bit hash). We just truncate to fit.
So just to clarify --
A 3096 bit DSA signing key could only be used with the SHA-512 hash?
Thanks for the explanation!
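
The "truncate to fit" rule from the quoted reply, as an added Python example that is not part of the original message or GnuPG's own code. It assumes the leftmost-bits truncation defined in FIPS 186-3 and takes the key's hash size (`q_bits`) as an input; the function names and sample message are constructed for illustration.

```python
import hashlib

# Candidate hash algorithms, smallest to largest (chosen for this example).
CANDIDATES = ("sha1", "sha224", "sha256", "sha384", "sha512")


def usable_hashes(q_bits: int) -> list[str]:
    """Return the hashes whose output is at least as large as the key's hash size."""
    return [name for name in CANDIDATES
            if hashlib.new(name).digest_size * 8 >= q_bits]


def hash_to_dsa_integer(message: bytes, hash_name: str, q_bits: int) -> int:
    """Hash the message and keep only the leftmost q_bits bits as an integer.

    This is the value that is fed into the DSA signing equation. A hash
    shorter than q_bits is rejected, matching the rule in the quoted reply
    that the hash must be equal to or greater than the key's hash size.
    """
    digest = hashlib.new(hash_name, message).digest()
    hash_bits = len(digest) * 8
    if hash_bits < q_bits:
        raise ValueError(
            f"{hash_name} gives {hash_bits} bits, key needs at least {q_bits}")
    # Interpret the digest as a big-endian integer and drop the low-order
    # (rightmost) bits so that exactly q_bits bits remain.
    return int.from_bytes(digest, "big") >> (hash_bits - q_bits)


if __name__ == "__main__":
    msg = b"constructed sample message"
    for q_bits in (160, 224, 256):
        print(q_bits, "bit hash size ->", usable_hashes(q_bits))
    # SHA-512 with an old key that uses a 160-bit hash: legal, truncated.
    z = hash_to_dsa_integer(msg, "sha512", 160)
    print("truncated SHA-512 value fits in", z.bit_length(), "bits (<= 160)")
    # SHA-1 with a key that uses a 256-bit hash: refused.
    try:
        hash_to_dsa_integer(msg, "sha1", 256)
    except ValueError as exc:
        print("refused:", exc)
```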