>It doesn't work that way. SHA-1 doesn't even work with DSA2 keys. >DSA2 doesn't mean "a bigger DSA key". It means "a bigger hash with a >bigger DSA key". DSA2 allows for any hash size that is equal to or >greater than the hash size that was used when generating the key. >Thus, for example, it is legal (albeit silly) to use SHA-512 with a >old DSA key (which uses a 160-bit hash). We just truncate to fit.
So just to clarify -- A 3096 bit DSA signing key could only be used with the SHA-512 hash? Thanks for the explanation! _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
