Which type of key should I choose and why?

L. Sassaman rabbi@quickie.net
Mon, 16 Oct 2000 20:03:40 -0700 (PDT) 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 15 Oct 2000, Paul L. Allen wrote:


> Thanks for your answers.  You've cleared up the query about why

> signature-only.  Now all I need to know is under what circumstances

> DSA+ElGamal is preferable to ElGamal (sign and encrypt) and vice


Actually, the ElGamal sign and encrypt keys are actually two keys, just
like the DSA + ElGamal. The exception is that ElGamal is used as the
signing key algo instead of DSA.

And there are no instances where ElGamal sign and encrypt should be used,
period.


> Basically, I'd like to know if the difference between the options is

> technical (this cipher or this signature algorithm is stronger) or

> operational (you can delete one of the keys if you need to and have

> the time and maybe have some degree of protection against some forms

> or abuse by authority).


Neither. It was legal... at the time that Werner started working on GnuPG,
he wasn't sure of the patent issues regarding DSA, and chose to use
ElGamal instead.
 

> Come to that, now RSA let the patent go early, are there any advantages to

> using that instead of the others?


There are some. RSA v3 keys provide backward compatability with PGP 2.6. 

[A tangent here: Werner, could v3 key generation be added in the form of a
module, or doesn't the module system support that level of extension?]

RSA v4 keys have just been added to PGP 7.0. There are multiple technical
reasons to use them instead... and multiple technical reasons for using
DSA/ElGamal. A lot of VPN software solutions only support RSA, and if you
use your PGP key with RSA and need v4 features, you will need an RSA v4
key.

DSA signatures are not nearly as large as RSA signatures with large key
sizes.

Etc.

Encryption and signature and key generation times differ.

Someone must have a comparason of DSA and RSA and ElGamal on the web
somewhere... I'll look.

BTW, there is no reason why you couldn't have a DSA key with an RSA
encryption key, or an RSA signing key with an ElGamal encryption key... or
multiple subkeys of different types... (no, I don't recommend this, as it
will further complicate matters... but it is definately possible.) 

__

L. Sassaman

Security Architect             |  "Lose your dreams and you
Technology Consultant          |   will lose your mind."
                               |   
http://sion.quickie.net        |       --The Rolling Stones

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE568GUPYrxsgmsCmoRAkN0AJ9/QgNAoyGBU05YEhZWr53bX/Q66ACcCOSM
QVxRmIPIr8JU3Ctc+J1rwO4=
=0Pha
-----END PGP SIGNATURE-----

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org