elGamal Keys to Sign+Encrypt

David Shaw dshaw@jabberwocky.com
Tue Jan 14 01:04:02 2003

On Mon, Jan 13, 2003 at 01:23:44PM +0100, Olaf Gellert wrote:

> I just tried to generate an elGamal-only key (for
> signing and encryption). I noticed, that obviously
> the elGamal-only keys are deprecated in GPG version
> 1.2.1 and you can only generate them in the expert-
> mode. Some issues (security flaws, ...) with these
> keys?
> We are thinking about which keys we want to sign
> with our certification authority, so are there any
> arguments against elGamal (besides that nearly
> no application can handle them)?

Well, that's a pretty big argument against ElGamal ;)  It's also
incredibly slow, makes big signatures, and requires special care when
generating the key or signatures from the key can be forged.

However, that said, why should a CA care?  I wouldn't make the CA
signing key an Elgamal signing key, but it shouldn't matter if you
certify an ElGamal key.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson