1.07 RSA support questions

David Shaw dshaw@jabberwocky.com
Mon Jun 3 17:03:01 2002

On Mon, Jun 03, 2002 at 09:32:57AM -0500, Larry Ellis wrote:
> Two questions about legacy RSA support under 1.07:

> 1. When encrypting to a legacy RSA key, I get 3DES, not IDEA, as my
> cipher choice even though the IDEA plugin is installed.  I have no
> cipher override in the options file, though at one time I *did* have
> 3DES there...  Of course, if --pgp2 is used, IDEA *is* used as
> expected.  Perhaps I should place --pgp2 in my options file? Are there
> any disadvantages to doing so?

Yes, there are.  If "pgp2" is set in the options file, GnuPG disables
certain options that you might want to use (like sign&encrypt in one

> 2. Is it normal for an RSA key gen to build a signature-only style
> key?  Why?  I can add a subkey for encryption, but why would I want to
> do this?  I know RSA is not the preferred choice for GPG, but I'm
> curious if this is the intended behavior.

Yes.  This isn't really a RSA thing so much as an OpenPGP thing.
OpenPGP keys are generally made up of a signing-only master key, with
multiple subkeys to do various other tasks (usually encryption).

The next GnuPG will let you generate a RSA sign+encrypt key, but this
is not recommended.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson