On Fri, Dec 31, 1999 at 12:19:07AM -0800, Michael Elkins wrote:
> On Thu, Dec 30, 1999 at 07:37:09PM -0600, David DeSimone wrote:
>> As I understand it, a PGP signature is not an encryption of the message,
>> but an encryption of an MD5 (or SHA) *digest* of the message. This is
>> like a checksum, though much more sophisticated, but it is always the
>> same size. Therefore, the encryption of the message digest will also be
>> the same size, always.
> This is true. To clarify even more, the signature is always the same size
> as the number of bits in your OpenPGP public key, regardless of which message
> digest algorithm you are using.
For RSA the signature is the size of the key (more exactly, the size
of the modulus, which is just one component of the key), but for DSA
this is not true. DSA signatures consist of two 160-bit numbers,
while the key size (which again really is just the length of a
modulus) is at least 512, usually 1024.
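
The size difference described above, as an added example that is not part of the original message: textbook RSA (no padding) yields a signature that is one number modulo n, while DSA yields a pair (r, s) modulo the 160-bit q, whatever the size of p. The function names, SHA-1 as the digest, the fixed seed and the toy key generation are assumptions for illustration only.

```python
import hashlib, random
rng = random.Random(1999)  # fixed seed: repeatable demo only, never for real keys

def is_prime(n, rounds=20):
    """Miller-Rabin test; n is assumed odd and much larger than 29."""
    if any(n % sp == 0 for sp in (3, 5, 7, 11, 13, 17, 19, 23, 29)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, r)):
            return False  # found a witness: n is composite
    return True

def rand_prime(bits):
    while True:
        # top two bits set, so a product of two such primes has exactly 2*bits bits
        c = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if is_prime(c):
            return c

def sha1_int(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def rsa_sign(mod_bits, msg, e=65537):
    """Textbook RSA: returns (modulus n, signature s); s is a number < n."""
    while True:
        p, q = rand_prime(mod_bits // 2), rand_prime(mod_bits // 2)
        if p != q and (p - 1) * (q - 1) % e:  # e is prime, so it is invertible
            return p * q, pow(sha1_int(msg), pow(e, -1, (p - 1) * (q - 1)), p * q)

def dsa_sign(p_bits, msg):
    """DSA with a 160-bit q: returns ((p, q, g, y), (r, s)); r and s are < q."""
    q = rand_prime(160)
    while True:
        p = 2 * rng.getrandbits(p_bits - 161) * q + 1  # q divides p - 1
        if p.bit_length() == p_bits and is_prime(p):
            break
    g, x, k = pow(2, (p - 1) // q, p), rng.randrange(1, q), rng.randrange(1, q)
    r = pow(g, k, p) % q  # r == 0 or s == 0 would need a retry (negligible chance)
    s = pow(k, -1, q) * (sha1_int(msg) + x * r) % q
    return (p, q, g, pow(g, x, p)), (r, s)

def dsa_verify(pub, sig, msg):
    (p, q, g, y), (r, s) = pub, sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    return pow(g, sha1_int(msg) * w % q, p) * pow(y, r * w % q, p) % p % q == r
```

Calling `dsa_sign(512, m)` and `dsa_sign(1024, m)` both return r and s of at most 160 bits each, while `rsa_sign(512, m)` returns a signature bounded only by the 512-bit modulus.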