Which type of key should I choose and why?
Mon, 16 Oct 2000 20:13:42 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 16 Oct 2000, Paul L. Allen wrote:
> That's what I gathered. At a guess, in the first DSA is taking the
> place of MD5 from the original with EG in the RSA role and in the
> other option EG is being used both for encryption and cryptographic
> hashing. But I've yet to find anything confirming that guess or
> saying why one is preferable to the other.
Nope, SHA-1 is taking the place of MD5.
DSA is taking the place of RSA for signing, and ElGamal is taking the
place of RSA for encryption.
RFC 2440 has the gorey details.
> Good thinking. That's certainly a good point. Using EG for both
> functions would therefore presumably mean either accepting weaker
> signing or more time-consuming encryption. But that's a pure guess
> which may be wrong. Basically, this is a weak-spot in the docs because
> users shouldn't have to puzzle it out for themselves or make guesses.
> It's as intrinsic to correct operation as choosing the right key size
> and that is covered in detail.
Phil Zimmermann calls DSA "ElGamal debugged". There's academic attacks
against ElGamal signatures. Don't use it for signing.
> I noticed. But I don't know if EG got added to PGP because of technical
> superiority or to evade the patent difficulties that made it such a
> hassle to ensure you were using it legally. So I don't know if I should
> be using EG or RSA for encryption strength now that GPG offers both.
It was mainly licensing issues that prompted the use of DSA/ElGamal in PGP
3. (Later renamed PGP 5.)
But it was a convenient excuse to revisit the PGP key format, and develop
v4 keys which added more functionality and versatility in features.
> > but will only generate ones using version 4 packet formats, not the older
> > version 3 packets. Given the advantages of v4 keys I think that's
> > understandable.
> Trouble is, one of the reasons I'm looking at GPG is for use with
> automated verification systems used by various domain registrars.
> They use PGP but don't say what version. I know I can get RSA and
> (somewhat dubiously) IDEA but I still don't know if that's enough to
> interoperate with what those registries are using. Or maybe DSA/EG is
> enough but the packet format will cause me problems.
I think there needs to be better v3 key support. Whether or not GnuPG
generates v3 keys, it needs to be able to utilize them.
> > There's also module implementing the AES selection, Rijndael,
> > already...
> So I noticed, although I hadn't realized that was the AES selection. To
> be honest, if they're happy with it, I'm not, given the political
> constraints they probably operated under...
That makes no sense.
But, for what it's worth, I met the Rijndael authors today, and they
looked quite happy. :)
Security Architect | "Lose your dreams and you
Technology Consultant | will lose your mind."
http://sion.quickie.net | --The Rolling Stones
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to email@example.com