RSA keys (1.2.3)
David Shaw
dshaw at jabberwocky.com
Sat Dec 20 09:27:23 CET 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Dec 20, 2003 at 02:23:38AM -0800, Atom 'Smasher' wrote:
> i'm trying to add an RSA sub key using:
> gpg --edit-key
> and:
> gpg --edit-key --expert
>
> i get to a menu like this (in expert mode):
> -----------------------------------------
> Command> addkey
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "Atom Smasher <atom at suspicious.org>"
> 1024-bit DSA key, ID 3D7D41E3, created 2003-10-04
>
> Please select what kind of key you want:
> (2) DSA (sign only)
> (3) ElGamal (encrypt only)
> (4) ElGamal (sign and encrypt)
> (5) RSA (sign only)
> (6) RSA (encrypt only)
> (7) RSA (sign and encrypt)
> Your selection?
> -----------------------------------------
>
> and it makes no difference which one of the 3 RSA keys i select, it only
> generates:
> Pub alg - RSA Encrypt or Sign(pub 1)
>
> according to RFC2440 i should be getting my choice of:
> 1 - RSA (Encrypt or Sign)
> 2 - RSA Encrypt-Only
> 3 - RSA Sign-Only
>
> but i'm only getting type 1 RSA keys.

No.  RFC-2440:

   There are algorithm types for RSA-signature-only, and
   RSA-encrypt-only keys. These types are deprecated. The "key flags"
   subpacket in a signature is a much better way to express the same
   idea, and generalizes it to all algorithms. An implementation
   SHOULD NOT create such a key, but MAY interpret it.

RSA sign-only and encrypt-only is an RSA sign+encrypt key with key
flags set.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/5FxK4mZch0nhy8kRAvvUAKDF0Ose3GaOZjzTkGW4Lq5M+BbxRACglmrt
44rnWq0Pb0zyJxPIyGk0+zo=
=dxEn
-----END PGP SIGNATURE-----
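
An added illustration, not part of the original message and not GnuPG's code: this Python example reads the "key flags" subpacket (type 27) from a signature's hashed subpacket area, using the RFC 2440 subpacket layout, to show how an algorithm-1 RSA key ends up sign-only or encrypt-only. The subpacket bytes are constructed samples and the function names are hypothetical.

```python
# Added example. Layout per RFC 2440 signature subpackets; sample bytes are constructed.
PUBKEY_ALGOS = {1: "RSA (Encrypt or Sign)", 2: "RSA Encrypt-Only", 3: "RSA Sign-Only"}
KEY_FLAGS = {0x01: "certify", 0x02: "sign",
             0x04: "encrypt-communications", 0x08: "encrypt-storage"}
KEY_FLAGS_TYPE = 27

def iter_subpackets(area):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 255: four-octet length follows
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        # The length counts the type octet; bit 7 of the type is the critical bit.
        yield area[i] & 0x7F, area[i + 1:i + length]
        i += length

def capabilities(hashed_area):
    """Return usage names from the key flags subpacket, or None if it is absent."""
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS_TYPE and body:
            return [name for bit, name in KEY_FLAGS.items() if body[0] & bit]
    return None

def describe(pub_algo, hashed_area):
    """Combine the public-key algorithm ID with the usage the key flags allow."""
    caps = capabilities(hashed_area)
    usage = "no key flags subpacket" if caps is None else ", ".join(caps)
    return f"{PUBKEY_ALGOS.get(pub_algo, 'algorithm %d' % pub_algo)}: {usage}"

# Constructed areas: a creation-time subpacket (type 2) followed by key flags (type 27).
CREATED = bytes([5, 2, 0x3F, 0xE4, 0x5C, 0x4A])
SIGN_ONLY = CREATED + bytes([2, 27, 0x02])
ENCRYPT_ONLY = CREATED + bytes([2, 27, 0x0C])

if __name__ == "__main__":
    print(describe(1, SIGN_ONLY))
    print(describe(1, ENCRYPT_ONLY))
```
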