-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 04:11 2007-08-23, Oskar L. wrote:
- --snip--
>Robert J. Hansen wrote (regarding "DSA2" keys):
>> The latest versions of PGP support them.
>
>That's good news. Can it also create them? But there are probably still
>many using older versions. I know some who refuse to update from 6.5.8.

Some people stick to PGP 8.1, a version fairly compliant with GPG. See below.
>
>
>David Shaw wrote:
>> Now that DSA2 is here, there aren't really that many benefits to RSA
>> (and I say this as someone with an RSA key). In theory, DSA is better
>> because it is required by OpenPGP: you won't be able to find any
>> OpenPGP implementation that doesn't handle it. This is not true of
>> RSA (it's legal for a program to reject it just because it is RSA).
>> In practice, that doesn't happen much because the "big two", PGP and
>> GPG, both handle RSA.
>
- -- snip --
>
>So would it be fair to sum up the differences like this:
>- for signing DSA is faster, for verification RSA is faster,
>  but there's not much of a difference.
>- OpenPGP implementations must support DSA, but supporting RSA
>  is optional, but both gpg and PGP support RSA, so there's
>  not much of a difference.
>- original DSA limited to 1024 bit keys and 160 bit hashes.
>- DSA signatures are smaller.
>- updated DSA, aka "DSA2", equal to RSA when it comes to the
>  lengths of keys and hashes.
>- Of PGP, only the newest version supports DSA2 keys.
>- RSA has a hash firewall
>
>If there are no other significant differences that I have missed, since I
>want a key larger than 1024 bits, it must be a DSA2 or RSA key. RSA gets a
>minus for not being required by OpenPGP, but only a small one since it is
>supported anyway. DSA2 gets minus points both for lack of support in older
>versions of PGP, and for lack of a hash firewall. RSA still seems better
>to me, but not by as much as I previously thought.
>
>
- --snip --
>
>Oskar

PGP 8.1 verifies SHA-256 hashes made by large RSA-keys, but NOT any
signatures made by DSA2-keys. "Signing algorithm not supported".
To create DSA2-keys with GPG you have to use the option "enable-dsa2".

Snoken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959

iD8DBQFGzXNCWisObvnr8tQRAuSVAJ9p0FHy+Xgp+qetg00FBDDlf2/7eACfTu6t
RONfGdW5At2219R7Y4VZXL4=
=QFqQ
-----END PGP SIGNATURE-----
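
Added example (not part of the original post, and not GnuPG or PGP code): the reply above reports that PGP 8.1 rejects signatures made by DSA2 keys, so this Python script reads the public-key and hash algorithm IDs from an OpenPGP signature packet (RFC 4880 layout) and flags DSA signatures whose values exceed 160 bits. The function names and the constructed sample packets are assumptions made for illustration.

```python
# Added example, not from the post; layout per RFC 4880 4.2, 5.2.2, 5.2.3.
PUBKEY = {1: "RSA", 17: "DSA"}
HASH = {2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 11: "SHA224"}

def mpi_bits(buf):
    """Return the declared bit length of every MPI packed in buf."""
    bits, off = [], 0
    while off + 2 <= len(buf):
        n = int.from_bytes(buf[off:off + 2], "big")
        bits.append(n)
        off += 2 + (n + 7) // 8
    if off != len(buf):
        raise ValueError("truncated MPI data")
    return bits

def describe(pkt):
    """Parse an old-format signature packet (tag 2), version 3 or 4."""
    if len(pkt) < 2 or pkt[0] & 0xC0 != 0x80 or (pkt[0] >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet")
    if pkt[0] & 3 == 3:
        raise ValueError("indeterminate length not handled")
    n = 1 << (pkt[0] & 3)                      # length field: 1, 2 or 4 bytes
    body = pkt[1 + n:]
    if len(body) < 19 or len(body) != int.from_bytes(pkt[1:1 + n], "big"):
        raise ValueError("bad packet length")  # too short or length mismatch
    if body[0] == 3:                           # v3: fixed offsets
        pk, h, off = body[15], body[16], 19
    elif body[0] == 4:                         # v4: skip both subpacket areas
        pk, h = body[2], body[3]
        off = 6 + int.from_bytes(body[4:6], "big")
        off += 2 + int.from_bytes(body[off:off + 2], "big")
        off += 2                               # left 16 bits of the hash
    else:
        raise ValueError("unsupported signature version")
    bits = mpi_bits(body[off:])
    # Assumption: DSA's r and s are below q, so an MPI over 160 bits
    # means q is larger than original DSA allows, i.e. a "DSA2" key.
    dsa2 = pk == 17 and max(bits, default=0) > 160
    return {"pubkey": PUBKEY.get(pk, pk), "hash": HASH.get(h, h), "dsa2": dsa2}

def sample_v4(pk, h, mpi_sizes):
    """Build a constructed v4 signature packet with empty subpacket areas."""
    mpis = b"".join(s.to_bytes(2, "big") + b"\xff" * (s // 8) for s in mpi_sizes)
    body = bytes([4, 0x01, pk, h]) + b"\0\0\0\0" + b"\xab\xcd" + mpis
    return bytes([0x89]) + len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    for args in ((17, 2, [160, 160]), (17, 8, [256, 256]), (1, 8, [2048])):
        print(describe(sample_v4(*args)))
```

A signature reported with "dsa2": True needs a verifier that supports DSA2 keys; to run this on a real signature, dearmor it to binary first (for example with gpg --dearmor).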