On Jul 31, 2008, at 9:30 PM, Nicholas Cole wrote:

Dear List,

A quick question about key generation using --batch --key-gen.

Am I right using the option --openpgp, a DSA2 key can be created just by using

Key-Type: DSA

and a key-size longer than 1024.  I.e. there is no specific Key-Type
for DSA2 keys?

Sort of. There is no real distinction between DSA and DSA2. There is just DSA. However, the hashes that you can use with the key are dependent on the key length. It breaks down like this:

length over 2048  ===  256 bit hash
length between 1025 and 2048 === 224 bit hash
length between 0 and 1024 === 160 bit hash

Or is it the case that if DSA2 keys are enabled, even a 1024 length
key will be DSA2 (and use new hashes etc)?

A 1024 bit DSA key can only use 160-bit hashes. You can use whatever hash you like (even the huge SHA512), but you're only going to get 160 bits worth of it.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to