elGamal Keys to Sign+Encrypt

Len Sassaman rabbi@abditum.com
Tue Jan 14 12:03:16 2003


On Mon, 13 Jan 2003, David Shaw wrote:

> However, that said, why should a CA care?  I wouldn't make the CA
> signing key an Elgamal signing key, but it shouldn't matter if you
> certify an ElGamal key.

It depends on your CSP. A CA is making an assertion that the entity
possessing the secret key corresponding to a given public key is or has
some bit of information included in the certificate. If the public key
algorithm is too weak to reasonably trust that the private key cannot be
discovered by a third party, it is not wise to sign.

Similar logic dictates that Verisign is broken for signing 384 bit RSA SSL
certificates.