Which type of key should I choose and why?

L. Sassaman rabbi@quickie.net
Mon, 16 Oct 2000 20:03:40 -0700 (PDT)

Hash: SHA1

On Sun, 15 Oct 2000, Paul L. Allen wrote:

> Thanks for your answers. You've cleared up the query about why
> signature-only. Now all I need to know is under what circumstances
> DSA+ElGamal is preferable to ElGamal (sign and encrypt) and vice
Actually, the ElGamal sign and encrypt keys are actually two keys, just like the DSA + ElGamal. The exception is that ElGamal is used as the signing key algo instead of DSA. And there are no instances where ElGamal sign and encrypt should be used, period.
> Basically, I'd like to know if the difference between the options is
> technical (this cipher or this signature algorithm is stronger) or
> operational (you can delete one of the keys if you need to and have
> the time and maybe have some degree of protection against some forms
> or abuse by authority).
Neither. It was legal... at the time that Werner started working on GnuPG, he wasn't sure of the patent issues regarding DSA, and chose to use ElGamal instead.
> Come to that, now RSA let the patent go early, are there any advantages to
> using that instead of the others?
There are some. RSA v3 keys provide backward compatability with PGP 2.6. [A tangent here: Werner, could v3 key generation be added in the form of a module, or doesn't the module system support that level of extension?] RSA v4 keys have just been added to PGP 7.0. There are multiple technical reasons to use them instead... and multiple technical reasons for using DSA/ElGamal. A lot of VPN software solutions only support RSA, and if you use your PGP key with RSA and need v4 features, you will need an RSA v4 key. DSA signatures are not nearly as large as RSA signatures with large key sizes. Etc. Encryption and signature and key generation times differ. Someone must have a comparason of DSA and RSA and ElGamal on the web somewhere... I'll look. BTW, there is no reason why you couldn't have a DSA key with an RSA encryption key, or an RSA signing key with an ElGamal encryption key... or multiple subkeys of different types... (no, I don't recommend this, as it will further complicate matters... but it is definately possible.) __ L. Sassaman Security Architect | "Lose your dreams and you Technology Consultant | will lose your mind." | http://sion.quickie.net | --The Rolling Stones -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE568GUPYrxsgmsCmoRAkN0AJ9/QgNAoyGBU05YEhZWr53bX/Q66ACcCOSM QVxRmIPIr8JU3Ctc+J1rwO4= =0Pha -----END PGP SIGNATURE----- -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org