diff options
author | Werner Koch <wk@gnupg.org> | 2008-11-26 11:59:14 +0000 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2008-11-26 11:59:14 +0000 |
commit | d665b72c1f810b88849bf839d382264fe52f38bc (patch) | |
tree | b47f5fcdd5778a5a84b9b888d3e0eadd52146bba /doc | |
parent | a66817e01b68920e7d50b7bd59893ca3b2ee0367 (diff) | |
download | libgcrypt-d665b72c1f810b88849bf839d382264fe52f38bc.tar.gz |
Prepare for FIPS186-3.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index f6ae0509..64e6480c 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2759,12 +2759,19 @@ usually not required. Note that this algorithm is implicitly used if either @code{derive-parms} is given or Libgcrypt is in FIPS mode. @item use-fips186 +Force the use of the FIPS 186 key generation algorithm instead of the +default algorithm. This flag is only meaningful for DSA and usually +not required. Note that this algorithm is implicitly used if either +@code{derive-parms} is given or Libgcrypt is in FIPS mode. As of now +FIPS 186-2 is implemented; after the approval of FIPS 186-3 the code +will be changed to implement 186-3. + + +@item use-fips186-2 Force the use of the FIPS 186-2 key generation algorithm instead of -the default algorithm. This flag is only meaningful for DSA and -usually not required. Note that this algorithm is implicitly used if -either @code{derive-parms} is given or Libgcrypt is in FIPS mode. -This implementation may be changed in future to use the forthcoming -FIPS 186-3 algorithm. +the default algorithm. This algorithm has a slighlty different from +FIPS 186-3 and allws only 1024 bit keys. This flag is only meaningful +for DSA and only required for FIPS testing backward compatibility. @end table |