On Mon, 11 Feb 2008 05:13, [EMAIL PROTECTED] said:
> A 3096 bit DSA signing key could only be used with the SHA-512 hash?
It is possible to use it with a shorter hash but that does not make
sense.
Please think twice before you start to generate such a long key. It
needs a lot more of performanc
On Sun, Feb 10, 2008 at 10:13:11PM -0600, Kevin Hilton wrote:
> >It doesn't work that way. SHA-1 doesn't even work with DSA2 keys.
> >DSA2 doesn't mean "a bigger DSA key". It means "a bigger hash with a
> >bigger DSA key". DSA2 allows for any hash size that is equal to or
> >greater than the has
>You could use SHA-512 with
>it if you liked, but the hash would be truncated to 256 bits.
Interesting. Are the higher or lower bits truncated?
>We follow the advice in FIPS 180-3:
>
> L = 1024, N = 160
> L = 2048, N = 224
> L = 3072, N = 256
Ok. So back to the ever asking defau
On Sun, Feb 10, 2008 at 09:51:03PM -0600, Robert J. Hansen wrote:
> David Shaw wrote:
>> This is not how it works. There is nothing becoming de-facto here.
>> Longer DSA keys are the de-jure standard today, and people are just
>> going to have to upgrade.
>
> I think that's reversed: DSA2 is quick
David Shaw wrote:
This is not how it works. There is nothing becoming de-facto here.
Longer DSA keys are the de-jure standard today, and people are just
going to have to upgrade.
I think that's reversed: DSA2 is quickly becoming a de facto standard,
but it is not a de jure standard.
De fact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- Original Message
Subject: Re: Are DSA2 signing keys backwards compatible?
From: Kevin Hilton <[EMAIL PROTECTED]>
To: gnupg-users@gnupg.org
Date: Sunday, February 10, 2008 11:13:11 PM
> So just to clarify --
> A 3096 bit DSA sig
On Sun, Feb 10, 2008 at 10:34:51PM -0600, Kevin Hilton wrote:
> >Sign = sign some data
> >Certify = sign a key
> >Authenticate = prove you are you
>
> >Authenticate is used for things like using an OpenPGP key for ssh.
>
> I forgot about the certifying of keys, sorry about that.
>
> I knew opens
>Sign = sign some data
>Certify = sign a key
>Authenticate = prove you are you
>Authenticate is used for things like using an OpenPGP key for ssh.
I forgot about the certifying of keys, sorry about that.
I knew openssh utilized rsa or dsa keys, but didn't know that the same
gpg keys could be use
>It doesn't work that way. SHA-1 doesn't even work with DSA2 keys.
>DSA2 doesn't mean "a bigger DSA key". It means "a bigger hash with a
>bigger DSA key". DSA2 allows for any hash size that is equal to or
>greater than the hash size that was used when generating the key.
>Thus, for example, it i
On Sun, Feb 10, 2008 at 10:01:42PM -0500, David Shaw wrote:
> On Sun, Feb 10, 2008 at 08:30:24PM -0600, Kevin Hilton wrote:
> > Just to clarify for some other users,
> >
> > What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
> > and the additional SHA hashes introduced?
>
> The
On Sun, Feb 10, 2008 at 08:48:13PM -0600, Kevin Hilton wrote:
> When I perform a
>
> gpg --expert --gen-key
>
> Im given the following options:
>
> Please select what kind of key you want:
>(1) DSA and Elgamal (default)
>(2) DSA (sign only)
>(3) DSA (set your own capabilities)
>(
On Sun, Feb 10, 2008 at 08:30:24PM -0600, Kevin Hilton wrote:
> Just to clarify for some other users,
>
> What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
> and the additional SHA hashes introduced?
They were not introduced at the same time. As you said in your
earlier mail,
When I perform a
gpg --expert --gen-key
Im given the following options:
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(3) DSA (set your own capabilities)
(5) RSA (sign only)
(7) RSA (set your own capabilities)
Your selection?
If I sele
Just to clarify for some other users,
What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
and the additional SHA hashes introduced?
A little of topic, but I'm predicting a future foreseeable bump in the
road when the Secure Hash Standard is named in 2011 (or whenever the
recent
On Sun, Feb 10, 2008 at 04:47:37PM -0600, Kevin Hilton wrote:
> Are DSA2 signing keys (or simply DSA keys that are larger than 1024
> bits) backwards compatible with older GnuPG versions prior to 1.48?
Basically, no. It's the main reason why --enable-dsa2 is off by
default.
David
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lance W. Haverkamp wrote:
> Having looked through much documentation & some trial and error; it
> seems there is no way to sign (detached) multiple files. I need to sign
> dozens (or hundreds) of photos at a time. I am *not* a programmer.
>
> I di
Are DSA2 signing keys (or simply DSA keys that are larger than 1024
bits) backwards compatible with older GnuPG versions prior to 1.48?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-use
Having looked through much documentation & some trial and error; it
seems there is no way to sign (detached) multiple files. I need to sign
dozens (or hundreds) of photos at a time. I am *not* a programmer.
I did coble together a (Linux) script:
#!/bin/bash
for i in $( ls ); do
gpg -b $i
don
On Wed, Feb 06, 2008 at 11:35:14AM -0800, Texaskilt wrote:
>
> Apologies if this has already been asked. Honestly, I did my homework and
> looked in the archives!
>
> I am wanting to setup up users to use GnuPG for encrypting email, mainly for
> internal e-mail.
>
> Unfortunately, the "powers-t
Dnia 06-02-2008, Śr o godzinie 10:03 -0500, Steve Revilak pisze:
> > I have a file that I encrypted for myself
> > and I want to read some information from it.
> > The file is a text file and I need to read several lines of it.
> >
> > The following requirements must be met:
>
> I was going to
Dnia 05-02-2008, Wt o godzinie 11:36 -0600, Robert J. Hansen pisze:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Krzysztof Żelechowski wrote:
> > The decrypted information must not make it to any persistent medium
>
> GnuPG is almost certainly the wrong tool for your job. GnuPG has
Thanks a lot for the keywords, the hints and the missing parts.
Indeed, I hoped that such an application
did not need a custom implementation
because IMHO encrypting information is useless
if you cannot view the information
without exposure to eavesdropping or tracing.
I have to review what
Apologies if this has already been asked. Honestly, I did my homework and
looked in the archives!
I am wanting to setup up users to use GnuPG for encrypting email, mainly for
internal e-mail.
Unfortunately, the "powers-that-be" want everyone that encrypts an email to
also encrypt it to the "cor
Any glues which might cause this?
https://bugzilla.redhat.com/show_bug.cgi?id=427500
Br,
Tuju
PS: I'm not subscribing the list.
--
Varo hattupäisiä autoilijoita.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman
On Sat, Feb 09, 2008 at 11:29:08PM -0600, Kevin Hilton wrote:
> >Twofish is almost entirely abandoned nowadays, but it still exists in
> >PGP and GnuPG. Once a bad decision is made in engineering, the
> >engineers are stuck supporting it forever.
>
> Is this statement really true or just opinion?
25 matches
Mail list logo
