On Sat, Nov 07, 2009 at 09:44:23PM -0500 Also sprach Robert J. Hansen:
> Kevin Kammer wrote:
> > If I attempt to create a data signature using a 2048-bit DSA signing
> > key, and the SHA224 hash algorithm, GnuPG complains as follows:
> >
> > ~ $ gpg -u A39CE7E5 --digest-algo H11 -b test.txt
>
> Your key is not on the keyserver network, so that will impair our
> ability to help you out with this.
>
> It appears that your key is actually 14CA0E78. To tell it to use a
> particular subkey, you need to append a "!" to the subkey ID.
> Otherwise, I believe GnuPG's behavior is to look at the certificate that
> subkey belongs to, and use the largest signing subkey on that
> certificate. If you have a 3072-bit signing subkey on 14CA0E78, this
> would explain your problem.
>
> Try:
>
> ~ $ gpg -u A39CE7E5! --digest-algo H11 -b test.txt
>

My fault for not including the complete shell output from the command,
but GnuPG does indicate that it is using 2048-bit subkey A39CE7E5. I had
already tried it with "!" just to be sure, but the result was the same,
as is the result of attempting this with a 2048-bit primary key.

Regardless of whether it is a sub-key or a primary, GnuPG just seems to
mandate the use of SHA256 with 2048-bit DSA. This is not necessarily a
bad thing, but it is not "by the book," so I am trying to ascertain why.