
(Re-)Introduce minimum hash algorithm lengths for ECDSA and EdDSA

Addresses https://mailarchive.ietf.org/arch/msg/openpgp/8Ar6K10MJfmpHTBRCz2Redt7Lag/.

Require using a hash function with a digest size of at least the field size of the curve (e.g., at least SHA2-256 for P-256), except SHA{2,3}-512 may be used for P-521.

Also, allow using DSA with a hash algorithm longer than the size of q. The following text already describes how to do this, so the existing text prohibiting this seems contradictory.

Edited by Daniel Huigens
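
The ECDSA part of the rule above, written as a policy check that an implementation or audit script could apply to signatures. This is an added example, not code from the merge request or the draft. It covers only the NIST curves, and the function names, table names and sample records are assumptions made for illustration.

```python
# Added example: enforce "digest size >= curve field size" for ECDSA,
# with the stated exception that 512-bit hashes are accepted for P-521.

# Field sizes in bits of the NIST curves.
CURVE_FIELD_BITS = {"P-256": 256, "P-384": 384, "P-521": 521}

# Digest sizes in bits of the hash algorithms considered here.
HASH_DIGEST_BITS = {
    "SHA1": 160, "SHA2-224": 224, "SHA2-256": 256, "SHA2-384": 384,
    "SHA2-512": 512, "SHA3-256": 256, "SHA3-512": 512,
}

# No hash in the table reaches 521 bits, so without this exception
# every P-521 signature would be rejected.
P521_EXCEPTION = {"SHA2-512", "SHA3-512"}


def check_ecdsa_hash(curve, hash_name):
    """Return (ok, reason). Unknown curves or hashes fail closed."""
    if curve not in CURVE_FIELD_BITS:
        return False, f"unknown curve {curve}"
    if hash_name not in HASH_DIGEST_BITS:
        return False, f"unknown hash {hash_name}"
    field, digest = CURVE_FIELD_BITS[curve], HASH_DIGEST_BITS[hash_name]
    if digest >= field:
        return True, "digest covers field size"
    if curve == "P-521" and hash_name in P521_EXCEPTION:
        return True, "P-521 exception for 512-bit hashes"
    return False, f"{hash_name} ({digest} bits) is shorter than {curve} field ({field} bits)"


def audit_signatures(signatures):
    """Return [(id, reason)] for every record that violates the rule."""
    findings = []
    for sig in signatures:
        ok, reason = check_ecdsa_hash(sig["curve"], sig["hash"])
        if not ok:
            findings.append((sig["id"], reason))
    return findings


# Constructed sample records (not real signatures).
SAMPLE = [
    {"id": "sig-1", "curve": "P-256", "hash": "SHA2-256"},
    {"id": "sig-2", "curve": "P-384", "hash": "SHA2-256"},
    {"id": "sig-3", "curve": "P-521", "hash": "SHA3-512"},
    {"id": "sig-4", "curve": "P-521", "hash": "SHA2-384"},
]

if __name__ == "__main__":
    for sig_id, reason in audit_signatures(SAMPLE):
        print(sig_id, "rejected:", reason)
```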
