Curiosity with RSA sign/encrypt keys

Brian M. Carlson
Mon Jul 9 18:20:02 2001

David Shaw wrote:

> When looking at the actual packets in the key, the main public key is
> algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440). The subkey
> is also algorithm 1. However, if I sign with this key, gnupg will
> only use the main key, and if I encrypt with this key, gnupg will only
> use the subkey. The "!" syntax still does not allow me to encrypt to
> the main key. I tried removing the subkey altogether, leaving only
> the main key and gnupg still would not allow it to be used for
> encryption ("unusuable public key").
PGP will generate v4 keys with algo 1 and keyflags (subpacket 27?) that prohibit usage of each key or subkey for anything but signing or encrypting, respectively. This is why you are having this issue.
> There are other algorithms (2 for RSA encrypt-only, and 3 for RSA
> sign-only) that would make sense with this restriction, but algorithm
> 1 is specifically specified as an encryption and signing key.
These types are deprecated and IIRC, SHOULD NOT be used. Key flags provide a much better alternative. The only reason anyone still uses type 16 (ELG-E) for subkeys on D/g keys is because of PGP 5, 6, and 7, which ignore type 20 (ELG), even with keyflags. The standard specifies this somewhere around sec 9-12.
> I know that in real world use, there are a zillion reasons to use
> primary and subkeys to divide signing and encryption and not use the
> same key for both. I'm just trying to understand gnupg's behavior
> here.
gpg has done the Right Thing according to the standard, if the key has been generated with PGP. Anything else would be a violation of RFC2440-bis02.