Generating DSA keys of different length
Markus Friedl
markus at openbsd.org
Wed Jul 2 05:36:28 EST 2003
only 1024 bit dsa/dss keys will interoperate with
other implementations.
if you want to use more bits, then use rsa, there's
(almost) no reason to use dsa/dss.
On Tue, Jul 01, 2003 at 10:05:30AM -0700, Greg Lambert wrote:
> What do you mean by "defined"? ssh-keygen lets me specify values different than 1024 without complaining. In fact it created keys of different length, although I am having trouble verifying that the key length is equal to the number of bits I specified:
>
> /home/greg/.ssh$ ssh-keygen -b 512 -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/home/greg/.ssh/id_dsa):
> /home/greg/.ssh/id_dsa already exists.
> Overwrite (y/n)? y
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/greg/.ssh/id_dsa.
> Your public key has been saved in /home/greg/.ssh/id_dsa.pub.
> The key fingerprint is:
> 34:f8:02:39:2a:f8:67:3f:8a:e9:40:b5:a8:20:75:58 WELLIE at OMVSH
>
> /home/greg/.ssh$ ssh-keygen -l -f /home/greg/.ssh/id_dsa
> 512 34:f8:02:39:2a:f8:67:3f:8a:e9:40:b5:a8:20:75:58 /home/greg/.ssh/id_dsa.pub
> /home/greg/.ssh$
>
>
> Markus Friedl <markus at openbsd.org> wrote:
> On Tue, Jul 01, 2003 at 07:50:20AM -0700, Greg Lambert wrote:
> >
> > When I try to create a dsa set of key files with -b 999, the key appears to be created with the default of 1024. This does not happen for type rsa or rsa1 keys. They get created with the number of bits I specified. I can't find this problem in the archives.
> >
>
> dsa is only defined for 1024
>
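For the verification question raised in the quoted message, an added example (not part of the original thread and not OpenSSH code): it reads the bit length of the DSA modulus p directly from an `ssh-dss` public key line, following the RFC 4253 key blob layout (string "ssh-dss", then mpints p, q, g, y). The function names and the sample keys built by `constructed_line` are assumptions for illustration; the samples have the right wire format but are not real DSA parameters.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 'string': uint32 length followed by that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def dsa_param_bits(pubkey_line):
    """Return {'p': bits, 'q': bits} for an 'ssh-dss AAAA... comment' line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match")
    sizes = {}
    for label in ("p", "q", "g", "y"):
        raw, off = _read_string(blob, off)
        # mpints are big-endian; a leading 0x00 pad byte adds no bits
        sizes[label] = int.from_bytes(raw, "big").bit_length()
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return {"p": sizes["p"], "q": sizes["q"]}

def interoperable(pubkey_line):
    """True only for the 1024-bit size the thread says other implementations accept."""
    return dsa_param_bits(pubkey_line)["p"] == 1024

def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # spare bits keep the sign bit clear
    return struct.pack(">I", len(raw)) + raw

def constructed_line(p_bits):
    """Constructed sample: correct wire format, but NOT real DSA parameters."""
    p, q = (1 << (p_bits - 1)) | 1, (1 << 159) | 1
    body = struct.pack(">I", 7) + b"ssh-dss" + b"".join(_mpint(v) for v in (p, q, 2, 3))
    return "ssh-dss " + base64.b64encode(body).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (512, 999, 1024):
        line = constructed_line(bits)
        print(bits, dsa_param_bits(line), "interoperable:", interoperable(line))
```

Run against a real key with `dsa_param_bits(open("id_dsa.pub").read())`; the reported size of p should match the first column of `ssh-keygen -l` output.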