Search options

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Not to be the newbie comin' in, steppin' on other's "things" (dee eye see kay ess), I just wanted to post an interesting tidbit.

In DSA2, the length of the hash is determined by a value called q (or what qbits in keygen.c becomes in the DSA2 key).  Truncation to a specific number of bits occurs because the algorithm's output is longer than q.  My key has it's q set to 512 to fully accomidate the SHA512 hash output.  I tested this by signing a message using SHA256 and SHA512 explicitly with seperate keys, one with a q of 256 and another with a q of 512, and the larger q had the larger signature block output (and it would refuse to use anything but SHA512).

Just to let you know, you cannot make this modification (to my knowledge) in your key unless you modify the logic in the function that prepares DSA2 key generation in keygen.c that selects the qbits value.  Though a modified GnuPG is NOT required to utilize a key that has a q that's larger than 256, one is required to generate a key with that value.  Simply using an unmodified GnuPG to check my signature on this message is proof enough that the key, not GnuPG programming, limits the hash size.

This is really only useful if you want to use a DSA2 key larger than 3072 bits.  For example, the DSA2 key that signed this message is 0x5E6DDEF6, a 4096 bit DSA2 sub key of 0x491362F1.

Let me know if you want more info...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 - *.:{Hack.I.T Edition r0001}:.*

iJ4EAREKAAYFAkpCbhcACgkQ+7Rzy15t3vbrSAH8DE4ycQT4eLVzdueFakWd2nzG
jMn/eh+3y7L8++No8HaO3RDZBpl052BHdQ9V8XeO0cnDZ0YKp4D5Ju9k2nSEggH8
D10U9+vMSmiDu+XbPaYf1HFexEDjbZnq2qbY4L67YlI/FnRENUpMTOR4FPRpxMTm
CRed+k6DSFhItEKJ4iQZMA==
=j++4
-----END PGP SIGNATURE-----