1.07 RSA support questions
David Shaw
dshaw@jabberwocky.com
Mon Jun 3 17:03:01 2002
On Mon, Jun 03, 2002 at 09:32:57AM -0500, Larry Ellis wrote:
> Two questions about legacy RSA support under 1.07:
>
> 1. When encrypting to a legacy RSA key, I get 3DES, not IDEA, as my
> cipher choice even though the IDEA plugin is installed. I have no
> cipher override in the options file, though at one time I *did* have
> 3DES there... Of course, if --pgp2 is used, IDEA *is* used as
> expected. Perhaps I should place --pgp2 in my options file? Are there
> any disadvantages to doing so?

Yes, there are. If "pgp2" is set in the options file, GnuPG disables
certain options that you might want to use (like sign&encrypt in one
step!)

> 2. Is it normal for an RSA key gen to build a signature-only style
> key? Why? I can add a subkey for encryption, but why would I want to
> do this? I know RSA is not the preferred choice for GPG, but I'm
> curious if this is the intended behavior.

Yes. This isn't really an RSA thing so much as an OpenPGP thing.
OpenPGP keys are generally made up of a signing-only master key, with
multiple subkeys to do various other tasks (usually encryption).

The next GnuPG will let you generate an RSA sign+encrypt key, but this
is not recommended.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
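
The key layout described in the reply above (a signing-only master key with subkeys for encryption) can be checked from a key listing. The following is an added example, not part of the original message: it assumes the output of `gpg --with-colons --list-keys` from a current GnuPG, where field 12 of each `pub`/`sub` record holds the key capabilities, and it runs over a constructed sample listing with made-up key IDs.

```python
# Added example; the listing below is constructed, not real key material.
SAMPLE_LISTING = """\
pub:u:2048:1:1111111111111111:1023120000:::u:::scESC:
sub:u:2048:1:2222222222222222:1023120000::::::e:
pub:u:2048:1:3333333333333333:1023120000:::u:::escESC:
pub:u:2048:1:4444444444444444:1023120000:::u:::scSC:
sub:r:2048:1:5555555555555555:1023120000::::::e:
"""

def parse_keys(listing):
    """Return one dict per primary key, with its subkeys attached."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Field 12: lower-case letters are this key's own capabilities.
        # Upper-case letters on a pub record summarise the whole key.
        rec = {"keyid": f[4], "validity": f[1],
               "caps": {c for c in f[11] if c.islower()}}
        if f[0] == "pub":
            rec["subkeys"] = []
            keys.append(rec)
        elif keys:
            keys[-1]["subkeys"].append(rec)
    return keys

def audit(listing):
    """Classify each primary key by where its encryption capability lives."""
    findings = {}
    for key in parse_keys(listing):
        # A revoked ("r") or expired ("e") subkey does not count as usable.
        usable_enc_sub = any(
            "e" in s["caps"] and s["validity"] not in {"r", "e"}
            for s in key["subkeys"])
        if "e" in key["caps"]:
            verdict = "primary key can encrypt (sign+encrypt key)"
        elif usable_enc_sub:
            verdict = "signing-only primary, encryption subkey"
        else:
            verdict = "signing-only primary, no usable encryption subkey"
        findings[key["keyid"]] = verdict
    return findings

if __name__ == "__main__":
    for keyid, verdict in audit(SAMPLE_LISTING).items():
        print(keyid, verdict)
```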