Curiosity with RSA sign/encrypt keys
David Shaw
dshaw@jabberwocky.com
Mon Jul 9 23:03:01 2001

On Mon, Jul 09, 2001 at 11:18:22AM -0500, Brian M. Carlson wrote:
> David Shaw wrote:
> >
> > When looking at the actual packets in the key, the main public key is
> > algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440). The subkey
> > is also algorithm 1. However, if I sign with this key, gnupg will
> > only use the main key, and if I encrypt with this key, gnupg will only
> > use the subkey. The "!" syntax still does not allow me to encrypt to
> > the main key. I tried removing the subkey altogether, leaving only
> > the main key and gnupg still would not allow it to be used for
> > encryption ("unusable public key").
>
> PGP will generate v4 keys with algo 1 and keyflags (subpacket 27?) that
> prohibit usage of each key or subkey for anything but signing or
> encrypting, respectively. This is why you are having this issue.

Aha, interesting. Now it makes sense (I missed the keyflags packet).
Thanks!

I wonder why PGP generates v4 RSA keys this way. I know there are
many procedural reasons why it is not a good idea to use a single key
for both signing and encryption, but is there a cryptographic reason
why using a single RSA key for both signing and encryption is a poor
idea, or was it just done to maintain the DSS/ELG key/subkey
sign/encrypt way of doing things that people were familiar with?

I'm looking forward to v4 RSA support in gnupg. It neatly addresses a
common complaint about keeping a very large sign-only key that never
expires to collect signatures, and using the subkeys on that key for
actual work. Gnupg's --export-secret-subkeys feature, plus v4 RSA
pretty much nails the problem for me.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
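
The key flags behaviour discussed in this thread, as an added example that is not part of the original post and is not GnuPG's code: it walks the hashed subpacket area of a v4 self-signature, finds subpacket 27, and intersects the flags with what the algorithm id can do. The function names, the sample byte strings and the choice to fall back to the algorithm's capabilities when no key flags subpacket is present are assumptions of this example.

```python
# Added illustration, not GnuPG code. Flag and algorithm ids are from RFC 2440.
KEY_FLAGS = 27
FLAG_NAMES = {0x01: "certify", 0x02: "sign",
              0x04: "encrypt-comms", 0x08: "encrypt-storage"}
SIGN, ENC = {"certify", "sign"}, {"encrypt-comms", "encrypt-storage"}
# What each public-key algorithm id is able to do at all.
CAPABLE = {1: SIGN | ENC, 2: ENC, 3: SIGN, 16: ENC, 17: SIGN}

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        # The length counts the type octet, so it can never be zero.
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns its area")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def key_usage(algo: int, hashed_area: bytes) -> set:
    """Usages permitted by both the algorithm id and the key flags."""
    flags = None
    for typ, _critical, body in iter_subpackets(hashed_area):
        if typ == KEY_FLAGS and body:
            flags = body[0]
    capable = CAPABLE.get(algo, set())
    if flags is None:                        # assumption: algorithm decides
        return set(capable)
    return capable & {name for bit, name in FLAG_NAMES.items() if flags & bit}

# Constructed sample: a creation-time subpacket (type 2), then key flags.
CREATED = bytes([5, 2, 0x3B, 0x4A, 0x00, 0x00])
PRIMARY_HASHED = CREATED + bytes([2, 27, 0x03])   # certify + sign
SUBKEY_HASHED = CREATED + bytes([2, 27, 0x0C])    # encrypt only

if __name__ == "__main__":
    print("primary:", sorted(key_usage(1, PRIMARY_HASHED)))
    print("subkey: ", sorted(key_usage(1, SUBKEY_HASHED)))
```

Both sample keys are algorithm 1, yet the primary comes back without any encryption usage, which is the condition behind the "unusable public key" message quoted above.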