On May 23, 2012, at 4:45 PM, Robert J. Hansen wrote:

> I don't want to seem argumentative (especially because I haven't looked
> at the RFC lately), but I was under the impression the RFC was mostly
> silent on the subject of algorithms and key sizes -- DSA being a MUST
> algorithm, but little guidance beyond that.  Am I in error?

The fact that RSA can have different key sizes is clearly stated, since you 
need that information to interoperate, and that's what I was referring to.  I 
don't mean to say that one of the several reasons GnuPG supports 4096-bit keys 
is because the OpenPGP spec says they are better.  I mean to say that one of 
the several reasons GnuPG supports 4096-bit keys is because the OpenPGP spec 
says they *exist* (there is some implementation art here - we don't support 
8192-bit keys even though they obviously exist as well).

The way you stated it in the revised FAQ covers this very well.

The standard is indeed mostly silent on the topic of why you would *want* to 
pick a particular key size over a different key size.  That is appropriate for 
a message format document - it's not really taking sides.  Pretty much all it 
says is to be careful and notes that 4096 was the common limit at publication 
time:

 * OpenPGP does not put limits on the size of public keys.  However,
       larger keys are not necessarily better keys.  Larger keys take
       more computation time to use, and this can quickly become
       impractical.  Different OpenPGP implementations may also use
       different upper bounds for public key sizes, and so care should
       be taken when choosing sizes to maintain interoperability.  As of
       2007 most implementations have an upper bound of 4096 bits.

>> For #10, it might be worth mentioning something about the use of
>> different hash lengths (q) for the different DSA sizes.  The two sort
>> of go hand in hand.  Or for that matter, perhaps a question #11 "How
>> come my signatures from my 2048-bit DSA key use a different hash than
>> those from my 1024-bit DSA key?" would be interesting.
> 
> Added.

Excellent.  One note on the new text - it states that 2048-bit DSA keys use a 
224-bit hash.  In fact, a 2048-bit DSA key can use either 224- or 256-bit 
hashes.  GnuPG uses 256 here (but will of course accept a 224 generated 
elsewhere), so we're either using 160 or 256 unless someone forces 224 by 
picking an odd DSA key size like 1536.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
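The pairing of DSA key size, q size and hash length discussed in the message above, as an added worked example (not code from GnuPG or from the list post). It encodes the FIPS 186-3 (L, N) pairs the thread refers to, the q-selection rule the email describes for GnuPG (256 for keys above 2047 bits, 224 for odd sizes such as 1536, 160 for 1024; the exact thresholds are an assumption here, not taken from GnuPG's source), and the FIPS 186-3 rule that a DSA signature hashes with any digest at least q bits long and uses its leftmost q bits. The sample messages are constructed.

```python
import hashlib

# FIPS 186-3 (L, N) pairs: L = DSA key (p) size, N = q size, both in bits.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}

# Digest lengths of the hashes an OpenPGP implementation could pair with DSA.
HASH_BITS = {"sha1": 160, "sha224": 224, "sha256": 256, "sha384": 384, "sha512": 512}


def gnupg_q_bits(key_bits):
    """q size for a DSA key of key_bits, following the rule the email describes.

    Assumed thresholds: 256 above 2047 bits, 224 for anything between 1025 and
    2047 bits (so a 1536-bit key lands on 224), 160 for 1024-bit (DSA1) keys.
    """
    if key_bits > 2047:
        return 256
    if key_bits > 1024:
        return 224
    return 160


def is_fips_pair(key_bits, q_bits):
    """True when (L, N) is one of the FIPS 186-3 approved combinations."""
    return (key_bits, q_bits) in FIPS_186_3_PAIRS


def hash_fits(hash_name, q_bits):
    """A hash is usable only if its digest is at least q bits long."""
    return HASH_BITS[hash_name] >= q_bits


def usable_hashes(q_bits):
    """All hashes whose digest can fill q; longer digests are truncated, shorter ones rejected."""
    return [name for name in HASH_BITS if hash_fits(name, q_bits)]


def dsa_hash_to_int(message, hash_name, q_bits):
    """z as in FIPS 186-3 section 4.6: the leftmost min(N, outlen) bits of Hash(M).

    Raises ValueError when the digest is shorter than q, which is why a 2048/256
    key cannot be used with SHA-1 while a 1024/160 key can.
    """
    if not hash_fits(hash_name, q_bits):
        raise ValueError(
            f"{hash_name} ({HASH_BITS[hash_name]} bits) is too short for q of {q_bits} bits"
        )
    digest = hashlib.new(hash_name, message).digest()
    # q sizes here are multiples of 8, so truncation is a byte slice.
    leftmost = digest[: q_bits // 8]
    return int.from_bytes(leftmost, "big")


if __name__ == "__main__":
    for key_bits in (1024, 1536, 2048, 3072):  # constructed sample key sizes
        q = gnupg_q_bits(key_bits)
        print(f"{key_bits}-bit DSA -> q={q} bits, FIPS pair: {is_fips_pair(key_bits, q)}, "
              f"hashes: {', '.join(usable_hashes(q))}")
    # Constructed message: a 2048/256 key signs with SHA-512 by truncating to 256 bits.
    print(hex(dsa_hash_to_int(b"hello", "sha512", 256)))
```

The 1536-bit case shows the interop caveat from the thread: the key is not a FIPS 186-3 pair at all, yet an implementation still has to agree on q (and therefore on the minimum hash) to verify its signatures.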