Curiosity with RSA sign/encrypt keys

[Len Sassaman]

On Mon, 9 Jul 2001, David Shaw wrote:

> Hi,
>
> I was doing some experimenting with the "new" (v4) RSA key format
> (which cannot be generated by gnupg, but if you generate them via pgp,
> gnupg will use them), and I ran into an interesting situation:
>
> When looking at the actual packets in the key, the main public key is
> algorithm 1 (i.e. "RSA Encrypt or Sign" as per RFC 2440).  The subkey
> is also algorithm 1.  However, if I sign with this key, gnupg will
> only use the main key, and if I encrypt with this key, gnupg will only
> use the subkey.  The "!" syntax still does not allow me to encrypt to
> the main key.  I tried removing the subkey altogether, leaving only
> the main key and gnupg still would not allow it to be used for
> encryption ("unusuable public key").

This is correct behavior.

> There are other algorithms (2 for RSA encrypt-only, and 3 for RSA
> sign-only) that would make sense with this restriction, but algorithm
> 1 is specifically specified as an encryption and signing key.

Types 2 and 3 exist for historical reasons only.

> I know that in real world use, there are a zillion reasons to use
> primary and subkeys to divide signing and encryption and not use the
> same key for both.  I'm just trying to understand gnupg's behavior
> here.

GnuPG is behaving correctly. This is the same behavior that PGP exhibits.
If you examine your key more closely, you will see that the RSA keys are
marked with key flags specifying encrypt-only and sign-only.