On Jul 31, 2008, at 9:30 PM, Nicholas Cole wrote:
Dear List,
A quick question about key generation using --batch --key-gen.
Am I right using the option --openpgp, a DSA2 key can be created
just by using
Key-Type: DSA
and a key-size longer than 1024. I.e. there is no specific Key-Type
for DSA2 keys?
Sort of. There is no real distinction between DSA and DSA2. There is
just DSA. However, the hashes that you can use with the key are
dependent on the key length. It breaks down like this:
length over 2048 === 256 bit hash
length between 1025 and 2048 === 224 bit hash
length between 0 and 1024 === 160 bit hash
Or is it the case that if DSA2 keys are enabled, even a 1024 length
key will be DSA2 (and use new hashes etc)?
A 1024 bit DSA key can only use 160-bit hashes. You can use whatever
hash you like (even the huge SHA512), but you're only going to get 160
bits worth of it.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
