Curiosity with RSA sign/encrypt keys

[Brian M. Carlson]

David Shaw wrote:
> 
> When looking at the actual packets in the key, the main public key is
> algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440).  The subkey
> is also algorithm 1.  However, if I sign with this key, gnupg will
> only use the main key, and if I encrypt with this key, gnupg will only
> use the subkey.  The "!" syntax still does not allow me to encrypt to
> the main key.  I tried removing the subkey altogether, leaving only
> the main key and gnupg still would not allow it to be used for
> encryption ("unusuable public key").

PGP will generate v4 keys with algo 1 and keyflags (subpacket 27?) that
prohibit usage of each key or subkey for anything but signing or
encrypting, respectively. This is why you are having this issue.
 
> There are other algorithms (2 for RSA encrypt-only, and 3 for RSA
> sign-only) that would make sense with this restriction, but algorithm
> 1 is specifically specified as an encryption and signing key.

These types are deprecated and IIRC, SHOULD NOT be used. Key flags
provide a much better alternative. The only reason anyone still uses
type 16 (ELG-E) for subkeys on D/g keys is because of PGP 5, 6, and 7,
which ignore type 20 (ELG), even with keyflags. The standard specifies
this somewhere around sec 9-12.

> I know that in real world use, there are a zillion reasons to use
> primary and subkeys to divide signing and encryption and not use the
> same key for both.  I'm just trying to understand gnupg's behavior
> here.

gpg has done the Right Thing according to the standard, if the key has
been generated with PGP. Anything else would be a violation of
RFC2440-bis02.