Curiosity with RSA sign/encrypt keys
Brian M. Carlson
Mon Jul 9 18:20:02 2001
David Shaw wrote:
> When looking at the actual packets in the key, the main public key is
> algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440). The subkey
> is also algorithm 1. However, if I sign with this key, gnupg will
> only use the main key, and if I encrypt with this key, gnupg will only
> use the subkey. The "!" syntax still does not allow me to encrypt to
> the main key. I tried removing the subkey altogether, leaving only
> the main key and gnupg still would not allow it to be used for
> encryption ("unusuable public key").
PGP will generate v4 keys with algo 1 and keyflags (subpacket 27?) that
prohibit usage of each key or subkey for anything but signing or
encrypting, respectively. This is why you are having this issue.
> There are other algorithms (2 for RSA encrypt-only, and 3 for RSA
> sign-only) that would make sense with this restriction, but algorithm
> 1 is specifically specified as an encryption and signing key.
These types are deprecated and IIRC, SHOULD NOT be used. Key flags
provide a much better alternative. The only reason anyone still uses
type 16 (ELG-E) for subkeys on D/g keys is because of PGP 5, 6, and 7,
which ignore type 20 (ELG), even with keyflags. The standard specifies
this somewhere around sec 9-12.
> I know that in real world use, there are a zillion reasons to use
> primary and subkeys to divide signing and encryption and not use the
> same key for both. I'm just trying to understand gnupg's behavior
gpg has done the Right Thing according to the standard, if the key has
been generated with PGP. Anything else would be a violation of