Using ELG sign and encrypt key

Werner Koch wk@gnupg.org
Fri Jun 7 13:06:02 2002


On Thu, 6 Jun 2002 14:58:34 -0700, David Picón Álvarez said:

> When I created my new gpg key, I decided to use ElGamal sign and encrypt
> key, because it permits having a 4096 signature key, and I thought that gave
> it more security. However, I've been reading the archives of this mailing
> list, and it is said that using the same key for signing and encryption is
> NOT a good idea. Could someone explain why or point me to a relevant
> resource? Should I go back to using my DSA/ELG key instead?

Yes, there are only 28 ELG sign+encrypt keys on the keyservers.
They won't work with PGP, signing is very slow and there are probably
some vulnerabilities.  The key size alone is not a measure of
security; for example you have to take the size of the hash into
account which is still 160 bits even with a 4k key.


Salam-Shalom,

   Werner