
When generating a DSA or Elgamal key with --expert GPG claims that keys smaller than 1024 bits are supported when they are not.
Closed, Resolved, Public

Details

Version
1.4.20,2.0.30

Event Timeline

Please explain what you are exactly doing: Give the command typed and all output.
What OS are you using?

I have tested this bug in Debian and Windows.

When running "gpg --gen-key --expert" GPG displays:

     DSA keys may be between 512 and 3072 bits long.

and

     ELG-E keys may be between 512 and 4096 bits long.

However, entering 512 will result in

     gpg: keysize invalid; using 2048 bits

     gpg --gen-key --expert
     gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
     This is free software: you are free to change and redistribute it.
     There is NO WARRANTY, to the extent permitted by law.

     Please select what kind of key you want:
        (1) RSA and RSA (default)
        (2) DSA and Elgamal
        (3) DSA (sign only)
        (4) RSA (sign only)
        (7) DSA (set your own capabilities)
        (8) RSA (set your own capabilities)
     Your selection? 2

     --> DSA keys may be between 512 and 3072 bits long.

     What keysize do you want? (2048) 512
     Requested keysize is 512 bits

     --> ELG-E keys may be between 512 and 4096 bits long.

     What keysize do you want for the subkey? (2048) 512
     Requested keysize is 512 bits
     Please specify how long the key should be valid.
              0 = key does not expire
           <n>  = key expires in n days
           <n>w = key expires in n weeks
           <n>m = key expires in n months
           <n>y = key expires in n years
     Key is valid for? (0) 0
     Key does not expire at all
     Is this correct? (y/N) y

     You need a user ID to identify your key; the software constructs the user ID
     from the Real Name, Comment and Email Address in this form:
         "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

     Real name: user_id
     Email address:
     Comment:
     You selected this USER-ID:
         "user_id"

     Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
     You need a Passphrase to protect your secret key.

     You don't want a passphrase - this is probably a *bad* idea!
     I will do it anyway.  You can change your passphrase at any time,
     using this program with the option "--edit-key".

     We need to generate a lot of random bytes. It is a good idea to perform
     some other action (type on the keyboard, move the mouse, utilize the
     disks) during the prime generation; this gives the random number
     generator a better chance to gain enough entropy.

     --> gpg: keysize invalid; using 2048 bits

     gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size

     ...[truncated]...
     We need to generate a lot of random bytes. It is a good idea to perform
     some other action (type on the keyboard, move the mouse, utilize the
     disks) during the prime generation; this gives the random number
     generator a better chance to gain enough entropy.

     --> gpg: keysize invalid; using 2048 bits

     ...[truncated]...

     gpg: key F0E7A41B marked as ultimately trusted
     public and secret key created and signed.

     gpg: checking the trustdb
     gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
     gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
     pub   2048D/F0E7A41B 2016-02-01
           Key fingerprint = C789 E572 4A8B BC1B 3108  F34E 36F4 D0CC F0E7 A41B
     uid                  user_id
     sub   2048g/977768CF 2016-02-01
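
A check for the mismatch shown in the session above, as an added example that is not part of the original report or of GnuPG: it compares the range each prompt advertised and the size requested with the size of the key gpg actually created. The name `audit_keygen` and the finding fields are made up for this illustration; the sample lines are excerpted from the transcript above.

```python
import re

# Lines excerpted from the gpg 1.4.20 session quoted in the report above.
SAMPLE = """\
DSA keys may be between 512 and 3072 bits long.
What keysize do you want? (2048) 512
Requested keysize is 512 bits
ELG-E keys may be between 512 and 4096 bits long.
What keysize do you want for the subkey? (2048) 512
Requested keysize is 512 bits
gpg: keysize invalid; using 2048 bits
gpg: keysize invalid; using 2048 bits
pub   2048D/F0E7A41B 2016-02-01
sub   2048g/977768CF 2016-02-01
"""

ADVERTISED = re.compile(r"(\S+) keys may be between (\d+) and (\d+) bits long")
REQUESTED = re.compile(r"Requested keysize is (\d+) bits")
FALLBACK = re.compile(r"gpg: keysize invalid; using (\d+) bits")
CREATED = re.compile(r"^\s*(pub|sub)\s+(\d+)[A-Za-z]/([0-9A-F]{8})", re.M)


def audit_keygen(transcript):
    """Hypothetical helper: list keys whose created size differs from the request.

    Assumes gpg 1.4 style output where prompts, requests and the final
    pub/sub lines appear in the same order (primary key first, then subkey).
    """
    advertised = [(m[1], int(m[2]), int(m[3])) for m in ADVERTISED.finditer(transcript)]
    requested = [int(m[1]) for m in REQUESTED.finditer(transcript)]
    fallbacks = {int(m[1]) for m in FALLBACK.finditer(transcript)}
    created = [(m[1], int(m[2]), m[3]) for m in CREATED.finditer(transcript)]

    findings = []
    for (algo, lo, hi), want, (kind, got, keyid) in zip(advertised, requested, created):
        if got == want:
            continue
        findings.append({
            "key": f"{kind} {keyid}",
            "algo": algo,
            "requested": want,
            "created": got,
            # True means the prompt accepted a size the generator later refused.
            "within_advertised_range": lo <= want <= hi,
            "fallback_logged": got in fallbacks,
        })
    return findings
```

Run over the excerpt, it reports both the primary key and the subkey: each request was inside the advertised range, yet each key was created at 2048 bits.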

Thanks. This seems to be a gpg 1.4 only bug.

werner lowered the priority of this task from Normal to Low. Feb 1 2016, 3:46 PM
werner added a project: gnupg (gpg14).
gniibe changed Version from 1.4.20 to 1.4.20,2.0.30. Jul 6 2016, 5:11 AM
gniibe added a subscriber: gniibe.

Fixed in the repo STABLE-BRANCH-1-4.
Forward ported to STABLE-BRANCH-2-0.
It's not in master (2.1).

gniibe claimed this task.
gniibe added a project: Unreleased.

1.4 has been released - waiting for 2.0