Standards and PGP wrapper

Werner Koch wk at isil.d.shuttle.de
Tue Nov 10 09:22:25 CET 1998


Niklas Hernaeus <nh at sleipner.df.lth.se> writes:

> The reason to split the key to one encryption key and one signing key is
> not that technical.  One reason that this was done to PGP was the side

Some cryptographers believe that different keys for signing and
encryption are more secure.

> effect to make key escrow possible, and that is a purely political issue.

  * and because it is not possible to use DSA for encryption (yes I know
    there is a workaround).

  * ElGamal signatures are much slower and the signatures are larger

  * PGP Inc. didn't figure out how to avoid the Bleichenbacher attack on
    ElGamal signatures (The code for Elgamal signatures is in pgp 5.0
    but it is commented out)

> I find key escrow to be a very bad solution to a problem, both technically
> and politically, for several reasons, and I therefore see no reason at all
> to use a split key solution.

I can't see how you can use split key (we should better call it
secondary keys - because "split key" is normally used for a different
task) for key escrow.  Okay, it makes it easy to change the encryption
key - whether this helps key escrow is not clear.


  Werner




