Which type of key should I choose and why?

L. Sassaman rabbi@quickie.net
Mon, 16 Oct 2000 20:13:42 -0700 (PDT) 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 16 Oct 2000, Paul L. Allen wrote:


> That's what I gathered.  At a guess, in the first DSA is taking the

> place of MD5 from the original with EG in the RSA role and in the

> other option EG is being used both for encryption and cryptographic

> hashing.  But I've yet to find anything confirming that guess or

> saying why one is preferable to the other.


Nope, SHA-1 is taking the place of MD5.

DSA is taking the place of RSA for signing, and ElGamal is taking the
place of RSA for encryption.

RFC 2440 has the gorey details.
 

> Good thinking.  That's certainly a good point.  Using EG for both

> functions would therefore presumably mean either accepting weaker

> signing or more time-consuming encryption.  But that's a pure guess

> which may be wrong.  Basically, this is a weak-spot in the docs because

> users shouldn't have to puzzle it out for themselves or make guesses.

> It's as intrinsic to correct operation as choosing the right key size

> and that is covered in detail.


Phil Zimmermann calls DSA "ElGamal debugged". There's academic attacks
against ElGamal signatures. Don't use it for signing.
 

> I noticed.  But I don't know if EG got added to PGP because of technical

> superiority or to evade the patent difficulties that made it such a

> hassle to ensure you were using it legally.  So I don't know if I should

> be using EG or RSA for encryption strength now that GPG offers both.


It was mainly licensing issues that prompted the use of DSA/ElGamal in PGP
3. (Later renamed PGP 5.)

But it was a convenient excuse to revisit the PGP key format, and develop
v4 keys which added more functionality and versatility in features.
 

> > but will only generate ones using version 4 packet formats, not the older

> > version 3 packets. Given the advantages of v4 keys I think that's

> > understandable.

> 

> Trouble is, one of the reasons I'm looking at GPG is for use with

> automated verification systems used by various domain registrars.

> They use PGP but don't say what version.  I know I can get RSA and

> (somewhat dubiously) IDEA but I still don't know if that's enough to

> interoperate with what those registries are using.  Or maybe DSA/EG is

> enough but the packet format will cause me problems.


I think there needs to be better v3 key support. Whether or not GnuPG
generates v3 keys, it needs to be able to utilize them.
 

> > There's also module implementing the AES selection, Rijndael,

> > already...

> 

> So I noticed, although I hadn't realized that was the AES selection.  To

> be honest, if they're happy with it, I'm not, given the political

> constraints they probably operated under...


That makes no sense.

But, for what it's worth, I met the Rijndael authors today, and they
looked quite happy. :)

__

L. Sassaman

Security Architect             |  "Lose your dreams and you
Technology Consultant          |   will lose your mind."
                               |   
http://sion.quickie.net        |       --The Rolling Stones


-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE568PtPYrxsgmsCmoRAuE2AJwKjiB9tuDYmVMXf8mAwkT2YD/cegCgvROj
gSDhsfttqlu3BZuDlH+Nwvk=
=d3Fh
-----END PGP SIGNATURE-----

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org