Curiosity with RSA sign/encrypt keys

David Shaw dshaw@jabberwocky.com
Mon Jul 9 23:03:01 2001


On Mon, Jul 09, 2001 at 11:18:22AM -0500, Brian M. Carlson wrote:

> David Shaw wrote:
> >
> > When looking at the actual packets in the key, the main public key is
> > algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440). The subkey
> > is also algorithm 1. However, if I sign with this key, gnupg will
> > only use the main key, and if I encrypt with this key, gnupg will only
> > use the subkey. The "!" syntax still does not allow me to encrypt to
> > the main key. I tried removing the subkey altogether, leaving only
> > the main key and gnupg still would not allow it to be used for
> > encryption ("unusable public key").
>
> PGP will generate v4 keys with algo 1 and keyflags (subpacket 27?) that
> prohibit usage of each key or subkey for anything but signing or
> encrypting, respectively. This is why you are having this issue.

Aha, interesting. Now it makes sense (I missed the keyflags packet). Thanks!

I wonder why PGP generates v4 RSA keys this way. I know there are many procedural reasons why it is not a good idea to use a single key for both signing and encryption, but is there a cryptographic reason why using a single RSA key for both signing and encryption is a poor idea, or was it just done to maintain the DSS/ELG key/subkey sign/encrypt way of doing things that people were familiar with?

I'm looking forward to v4 RSA support in gnupg. It neatly addresses a common complaint about keeping a very large sign-only key that never expires to collect signatures, and using the subkeys on that key for actual work. Gnupg's --export-secret-subkeys feature, plus v4 RSA pretty much nails the problem for me.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson