DSS Standard

Thu, 24 Aug 2000 16:36:10 +0200

On Thu, 24 Aug 2000, Stefan Nobis wrote:

> But there are two keys, one for encryption and one for signing, or not?

Right.  It is better to use different keys for signing and encryption;
it has also the advantage that you can retire the encryption key from
time to time (Hello RIP) to gain forward secrecy.

The usually used encryption key is an ElGamal (aka DH) key which has
other properties than DSA.  ElGamal can also be used for signing but
this is seen as a non so secure way and quite complicated to do right;
therefor it is better to use DSA for signing - Phil Zimmermann calls
DSA "ElGamal debugged".

  Werner

-- 
Werner Koch				GnuPG key:  621CC013
OpenIT GmbH                             http://www.OpenIT.de

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org