ssh-keygen -t dsa limited to 1024?
Kyle J. McKay
mackyle at gmail.com
Tue Sep 10 18:29:22 EST 2013
Looking at ssh-keygen.c from openssh-6.2p2.tar.gz lines 186-187:
    if (type == KEY_DSA && *bitsp != 1024)
        fatal("DSA keys must be 1024 bits");
It appears to me that ssh-keygen will only generate 1024 bit DSA keys.
Is that still current?
FIPS 186-3 (2009-06) section 4.2 and FIPS 186-4 (2013-07) section
4.2 Selection of Parameter Sizes and Hash Functions for DSA:
This Standard specifies the following choices for the pair L and N
(the bit lengths of p and q):
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
Federal Government entities shall generate digital signatures using
one or more of these
I see there is bug 1647 about this.
However, RFC 6668 (2012-07) added SHA-256 to the recommended list
of data integrity functions for SSH making the L=2048,N=256 and
L=3072,N=256 DSA choices from FIPS 186-3/186-4 standards compliant.
It also appears that OpenSSH added support for both SHA-256 and
SHA-512 in version 5.9p1 (2011-09).
I have updated bug 1647 with the additional information.
Are there any plans to add support for generating DSA 2048, 3072 keys?
P.S. What, by the way, does OpenSSH do if you have an existing DSA
2048 or 3072 key? (OpenSSL will generate them just fine.)
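The post asks what happens with existing DSA keys of sizes other than 1024 bits. Before deciding anything about such keys it helps to know what is actually deployed, so the following is an added example (not code from the post or from OpenSSH) that parses the `ssh-dss` public key format used in `authorized_keys` and `id_dsa.pub` files, reads the bit lengths of p and q, and reports whether the pair matches one of the FIPS 186-4 (L, N) choices quoted above. The sample key lines are constructed inside the script; their p, q, g and y values have the right bit lengths but are not valid DSA domain parameters, and the `build_ssh_dss_line` encoder exists only to produce those samples.

```python
import base64
import struct

# (L, N) pairs from FIPS 186-4 section 4.2, as quoted in the post.
FIPS_186_4_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}


def _read_string(blob, offset):
    """Read one SSH 'string' (uint32 length prefix + bytes) at offset."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated string field")
    return blob[start:start + length], start + length


def _read_mpint(blob, offset):
    """Read one SSH 'mpint' (two's complement, big-endian) at offset."""
    raw, offset = _read_string(blob, offset)
    return int.from_bytes(raw, "big", signed=True), offset


def _write_string(data):
    return struct.pack(">I", len(data)) + data


def _write_mpint(n):
    """Encode a non-negative integer as a minimal SSH mpint (leading 0x00 if high bit set)."""
    if n == 0:
        return _write_string(b"")
    return _write_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_ssh_dss_line(p, q, g, y, comment=""):
    """Encode p, q, g, y as an 'ssh-dss' public key line (used here only to build test input)."""
    blob = _write_string(b"ssh-dss") + b"".join(_write_mpint(n) for n in (p, q, g, y))
    line = "ssh-dss " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_ssh_dss(line):
    """Parse one ssh-dss public key line; return L = bits(p), N = bits(q) and the FIPS check."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1])
    key_type, offset = _read_string(blob, 0)
    if key_type != b"ssh-dss":
        raise ValueError("key blob type does not match 'ssh-dss'")
    p, offset = _read_mpint(blob, offset)
    q, offset = _read_mpint(blob, offset)
    g, offset = _read_mpint(blob, offset)
    y, offset = _read_mpint(blob, offset)
    if offset != len(blob):
        raise ValueError("trailing bytes after y")
    # FIPS 186-4 fixes p as an L-bit and q as an N-bit prime (high bit set),
    # so bit_length() gives L and N directly.
    L, N = p.bit_length(), q.bit_length()
    return {
        "L": L,
        "N": N,
        "fips_186_4_pair": (L, N) in FIPS_186_4_PAIRS,
        "comment": " ".join(fields[2:]),
    }


def audit_authorized_keys(text):
    """Classify every key line: FIPS-sized DSA, non-standard-size DSA, or not DSA at all."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("ssh-dss "):
            report.append((lineno, "not-dsa", None))
            continue
        info = parse_ssh_dss(line)
        status = "fips-186-4" if info["fips_186_4_pair"] else "non-standard-size"
        report.append((lineno, status, (info["L"], info["N"])))
    return report


# Constructed sample keys: correct bit lengths, NOT real DSA parameters.
SAMPLE_1024 = build_ssh_dss_line((1 << 1023) | 1, (1 << 159) | 1, 2, 3, "constructed-1024")
SAMPLE_2048 = build_ssh_dss_line((1 << 2047) | 1, (1 << 255) | 1, 2, 3, "constructed-2048")
SAMPLE_1536 = build_ssh_dss_line((1 << 1535) | 1, (1 << 159) | 1, 2, 3, "constructed-1536")
SAMPLE_KEYS = "\n".join([
    "# constructed authorized_keys for the audit example",
    SAMPLE_1024,
    SAMPLE_2048,
    SAMPLE_1536,
    "ssh-ed25519 AAAA-constructed-placeholder not-a-dsa-key",
])

if __name__ == "__main__":
    for entry in audit_authorized_keys(SAMPLE_KEYS):
        print(entry)
```

Running the script over a real `authorized_keys` file (read its text and pass it to `audit_authorized_keys`) shows at a glance which DSA keys use the only pair ssh-keygen itself will generate, (1024, 160), and which came from elsewhere with a larger or non-standard size.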