Using ELG sign and encrypt key

Brian M. Carlson karlsson@hal-pc.org
Fri Jun 7 22:06:02 2002


--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 06, 2002 at 11:01:37PM +0200, Werner Koch wrote:
> On Thu, 6 Jun 2002 14:58:34 -0700, David Pic=C3=B3n =C3=81lvarez said:
>=20
> > When I created my new gpg key, I decided to use ElGamal sign and encrypt
> > key, because it permits having a 4096 signature key, and I thought that=
 gave
> > it more security. However, I've been reading the archives of this maili=
ng
> > lists, and it is said that using the same key for signing and encryptio=
n is
> > NOT a good idea. Could someone explain why or point me to a relevant
> > resource? Should I go back to using my DSA/ELG key instead?
>=20
> Yes, there are only 28 key ELG sign+encrypt keys on the keyservers.
> They won't work with PGP, signing is very slow and there are probably
> some vulenrabilities.  The key size alone is not a measure of
> security; for exampleyou have to take the size of the hash into
> account which is still 160 bits even with a 4k key.

I am the proud owner of one of those 28 keys. Although PRZ loathes
ElGamal type 20 keys, I rather like them. However, there are some
issues: because Discrete Logarithm algorithms create two elements to
sign instead of one, and ElGamal is a Discrete Logarithm algo, type 20
sigs will be huge. I got serious flak from other mailing lists about
this. You can use other, larger hash algorithms such as the SHA2 suite
-- if you think they're secure. Yes, type 20 keys won't work with any
PGP except ckt build06+. Some people think that using one key for
signing and encryption is a bad idea because if the Big Bad Government
comes after you and confiscates your key, you'll have to give up your
signing key instead of just your encryption key. Werner is correct: it
*is* very hard to correctly implement ElGamal signatures, but GnuPG does
it correctly, and has for several versions now. Your secrets are secure.
Either way, it's your choice.

BTW, my ElGamal type 20 key is 0xDCA1913A.

--=20
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
E7
Knebel's Law:
	It is now proved beyond doubt that smoking is one of the leading
	causes of statistics.

--5mCyUwZo2JvN/JJP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7a-cvs (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBPQESYuWR/8lWBVPnAQNCvwf/e9ATIEwzRDWSndCw+gRNlUgD9liz29gb
XZpnqMN3eyeUp4TsP7FKYiC8cUfVyzM+YMh9RuR1Utac0u0mSnLn/2b2XMiMMlVy
ks1hpUkdGm2RGL40hF/7l4Ffm+vLZ5IgmvHcTqa2ln2a8AA0NhhLgCwmJgkCvav4
I6QUKq9KmdBq6Io7ORg+lOZ4B7Aos1MFDvOQwT8VpQtoIQdNCQ0tiy4XppopITyl
XPNXXh6uxh4KT2x8U2NcvnQFncfxBL80/WEX1L1BoVmh8uLt70RGMrVEYyaYGRS7
LdY0O05SgRu1iSsBko6l2YHaBTPX9zSKK5UJiCIqX+NXgNKVey0JzA==
=LMnh
-----END PGP SIGNATURE-----

--5mCyUwZo2JvN/JJP--