When I try to create a dsa set of key files with -b 999, the key appears to be created with the default of 1024. This does not happen for type rsa or rsa1 keys. They get created with the number of bits I specified. I can't find this problem in the archives.

DSA key generation:

SY1 97 /SYSTEM/tmp> ssh-keygen -b 999 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/tmp/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/.ssh/id_dsa.
Your public key has been saved in /tmp/.ssh/id_dsa.pub.
The key fingerprint is:
4b:24:3d:ed:a8:ef:20:d8:a3:da:80:4e:db:32:c9:d4 WELLIE at OMVSH
SY1 98 /SYSTEM/tmp> ssh-keygen -l -f .ssh/id_dsa
1024 4b:24:3d:ed:a8:ef:20:d8:a3:da:80:4e:db:32:c9:d4 .ssh/id_dsa.pub

RSA key generation:

SY1 93 /SYSTEM/tmp> ssh-keygen -b 999 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/tmp/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/.ssh/id_rsa.
Your public key has been saved in /tmp/.ssh/id_rsa.pub.
The key fingerprint is:
42:fc:14:2a:69:15:d9:99:b6:f5:96:a7:74:0c:a6:fd WELLIE at OMVSH
SY1 94 /SYSTEM/tmp> ssh-keygen -l -f .ssh/id_rsa
999 42:fc:14:2a:69:15:d9:99:b6:f5:96:a7:74:0c:a6:fd .ssh/id_rsa.pub

On Tue, Jul 01, 2003 at 07:50:20AM -0700, Greg Lambert wrote:
>
> When I try to create a dsa set of key files with -b 999, the key appears to be created with the default of 1024. This does not happen for type rsa or rsa1 keys. They get created with the number of bits I specified. I can't find this problem in the archives.
>

dsa is only defined for 1024

Greg Lambert wrote:
> When I try to create a dsa set of key files with -b 999, the key appears
> to be created with the default of 1024. This does not happen for type
> rsa or rsa1 keys. They get created with the number of bits I
> specified. I can't find this problem in the archives.

OpenSSH uses the OpenSSL DSA_generate_parameters function to generate the DSA parameters. DSA_generate_parameters rounds the bit length off to a multiple of 64 bits (as specified in http://www.itl.nist.gov/fipspubs/fip186.htm ) => in your case 1024 bits.

Nils