RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs

Ulrich Schneider lists at ulrichschneider.de
Fri Jun 18 07:12:15 CEST 2004


Thanks, that was very helpful.

Besides ... is there documentation on how to replace the enc. key with
another enc. key of higher key length when you want to have the same
signature key?



Atom 'Smasher' wrote:

> On Wed, 16 Jun 2004, Ulrich Schneider wrote:
> 
> 
>>> Why are DSA-Keys always generated with only 1024 bits even when I tell 
>>> gpg that the key has to be generated with 2048 bits?
> 
> =================
> 
> DSA is the "digital signature algorithm", DSS is the "digital signature 
> standard" (both specified in FIPS-186). the ~algorithm~ can be used with 
> any size hash or key, but the ~standard~ uses a 160 bit hash (SHA1) with 
> a maximum key size of 1024. it's generally believed that a key larger 
> than 1024 bits used to sign a 160 bit hash would be a waste of bits.
> 
> there are some arguments against this logic, but it's already past my 
> bedtime ;)
> 
> 
>>> And why are there different keypairs for signing and encryption? And 
>>> why are these keypairs of different kinds (DSA and ElGamal)? Why 
>>> isn't there one keypair used for signing and encryption?
> 
> =================
> 
> as i understand it, this is largely a historical artifact. RSA performs 
> reasonably well for both signing and encryption, but until recently 
> (2000) it was not in the public domain. public domain algorithms (such 
> as DSA and ElGamal) allowed public key crypto to be used in "free" 
> applications before the RSA patent expired, and they're still with us 
> today.
> 
> the ~other~ algorithms mostly tend to be better suited either for 
> encryption or signing.
> 
> you ~can~ use a single RSA key for both encryption and signing, but 
> there are advantages to having a "primary" key for signing, and one or 
> more "subkeys" for encryption and/or signing.
> 
> 
>>> gnupg says the following:
>>> Please select what kind of key you want:
>>>   (1) DSA and ElGamal (default)
>>>   (2) DSA (sign only)
>>>   (4) RSA (sign only)
>>>
>>> So as you can see here, even RSA is used for signing only. Why is there
>>> no possibility to use RSA keypairs for encryption?
> 
> =================
> 
> if you use this:
>     $ gpg --expert --gen-key
> 
> you will have an option to create an RSA key that can be used for both 
> signing and encryption:
>     (6) RSA (sign and encrypt)
> 
> you can use that all by itself as a key, but i'd recommend against it. 
> that's what i use as my ~primary~ key: i have a DSA signing subkey and 
> an ElGamal encryption subkey.
> 
> 
> 
>>> The GNU Privacy Handbook says:
>>> "GnuPG is able to create several different types of keypairs, but a
>>> primary key must be capable of making signatures. There are therefore
>>> only three options. Option 1 actually creates two keypairs. A DSA
>>> keypair is the primary keypair usable only for making signatures. An
>>> ElGamal subordinate keypair is also created for encryption. Option 2 is
>>> similar but creates only a DSA keypair. Option 4[1] creates a single
>>> ElGamal keypair usable for both making signatures and performing
>>> encryption. In all cases it is possible to later add additional subkeys
>>> for encryption and signing. For most users the default option is fine.
> 
> ================
> 
> out of date documentation.... ElGamal is no longer used for signatures.
> 
> 
>>> You must also choose a key size. The size of a DSA key must be between
>>> 512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
>>> however, requires that keys be no smaller than 768 bits. Therefore, if
>>> Option 1 was chosen and you choose a keysize larger than 1024 bits, the
>>> ElGamal key will have the requested size, but the DSA key will be 1024
>>> bits."
> 
> ===================
> 
> 768 is the smallest DSA key you can create now, but there's hardly any 
> reason to use anything less than 1024.
> 
> 
>>> If there are always two public keys -one for signing and one for
>>> encryption- the question arises: for which key is the fingerprint
>>> computed? I guess for the main-key.
> 
> ====================
> 
> you don't ~need~ to have a separate signing and encryption key, but it's 
> a good idea. you can have an RSA key that does both encryption and 
> signing (with no subkeys) or you can have a sign-only key (with no 
> encryption subkeys).
> 
> and yes, the "key fingerprint" is that of the primary key.
> 
> 
>>> But what's going on with the subkey? Is there no need to check the 
>>> fingerprint of the subkey? Or is it checked indirectly with the 
>>> fingerprint of the main key? How does this work?
> 
> =====================
> 
> a subkey is "bound", or associated with, a particular primary key. if i 
> tell you my "key fingerprint" is "1234", then my subkey(s) must be 
> signed by the primary key (1234).
> 
> that implies (but doesn't actually prove) ownership of the subkey(s).
> 
> if you feel the need, you can check subkey fingerprints using this:
>     $ gpg --fingerprint --fingerprint {key id}
> 
> 
> 
>>> I also have another question. Is there a possibility to show a key in
>>> human readable form. Best output I produced is a gpg --export --armor
>>> <EMAILADRESS>. A key consists of an exponent and a modulus. Is there a
>>> way to show these values?
> 
> =======================
> 
> pgpdump: PGP packet visualizer
> 
> pgpdump will let you look into the heart and soul of OpenPGP data, 
> including keys. if you want to see the exponent, modulus and other fun 
> math stuff do something like this:
>     $ gpg --export {key id} | pgpdump -i
> 
> and pipe that into a pager (more, less, most).
> 
> 
>>> Another problem:
>>> I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file
>>> for this key, gnupg tells me:
>>> gpg: 0x149881408FAB041C: skipped: unusable public key
>>> gpg: <FILE>: encryption failed: unusable public key
>>>
>>> I also have another 2048 bit RSA key in my keyring. Encryption for this
>>> key works. How could that be? Sometimes it works, sometimes not? It
>>> probably has something to do with which program the key was generated by.
>>> Here are the comments taken from the public key block.
> 
> =====================
> 
> in order for an RSA key to work for both signing and encryption, you 
> have to create it as a "sign and encrypt" RSA key, as described above.
> 
> using pgpdump, a sign-only RSA key will say:
>                 Flag - This key may be used to certify other keys
>                 Flag - This key may be used to sign data
> a sign and encrypt RSA key will _also_ say:
>                 Flag - This key may be used to encrypt communications
>                 Flag - This key may be used to encrypt storage
> 
> 
>>> Probably I asked you too many questions, but I'm really interested in
>>> understanding how the whole thing works.
> 
> ====================
> 
> i know how it is... i'm new to pgp/gpg myself. i've only been using it 
> for less than a year, but i started out by reading EVERYTHING i could 
> find on the topic, twice (and asking some pretty stupid questions).
> 
> after playing and experimenting with it, i've become very comfortable 
> with its inner workings.
> 
> this is a good list for asking questions...
> 
> 
> 
>      ...atom
> 
>  _________________________________________
>  PGP key - http://atom.smasher.org/pgp.txt
>  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
>  -------------------------------------------------
> 
>     "Cryptography is like literacy in the Dark Ages. Infinitely
>      potent, for good and ill... yet basically an intellectual
>      construct, an idea, which by its nature will resist efforts
>      to restrict it to bureaucrats and others who deem only
>      themselves worthy of such Privilege."
>         -- Vin McLellan,
>         A Thinking Man's Creed for Crypto
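
Added example, not part of the original thread and not GnuPG project code: a way to check in advance which keys in a keyring would give the "unusable public key" error discussed above, by reading the capability letters from a colon listing instead of paging through pgpdump output. It assumes the `--with-colons` field layout as documented in GnuPG's doc/DETAILS; the sample listing, key IDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (key IDs are
# made up). Field 1 = record type, 2 = validity, 4 = algorithm (1 RSA,
# 16 ElGamal, 17 DSA), 5 = key ID, 12 = capabilities of that key.
sample_listing() {
cat <<'EOF'
pub:-:1024:17:AAAAAAAAAAAAAA01:1087500000:::-:::scESC:
uid:-::::1087500000::::Constructed One <one@example.org>:
sub:-:2048:16:AAAAAAAAAAAAAA02:1087500000::::::e:
pub:-:2048:1:BBBBBBBBBBBBBB01:1087500000:::-:::scSC:
pub:-:2048:1:CCCCCCCCCCCCCC01:1087500000:::-:::escESC:
pub:-:1024:17:DDDDDDDDDDDDDD01:1087500000:::-:::scSC:
sub:r:2048:16:DDDDDDDDDDDDDD02:1087500000::::::e:
EOF
}

# Reads a colon listing on stdin; prints one line per primary key naming the
# first key (primary or subkey) that can encrypt, or saying that none can.
encryption_report() {
  awk -F: '
    function report() {
      if (primary != "")
        print primary, (enc != "" ? "encrypt-ok via " enc : "no usable encryption key")
    }
    # A new primary key starts a new group of records.
    $1 == "pub" { report(); primary = $5; enc = "" }
    # Lowercase e in field 12 is the capability of this key itself; the
    # uppercase letters on a pub line only summarise the whole key.
    # Revoked (r) and expired (e) keys are skipped.
    ($1 == "pub" || $1 == "sub") && $2 !~ /^[re]$/ && $12 ~ /e/ {
      if (enc == "") enc = $5
    }
    END { report() }
  '
}

# Real use: gpg --with-colons --list-keys | encryption_report
sample_listing | encryption_report
```

In the sample, the sign-only RSA key (BBBB...) and the key whose only encryption subkey is revoked (DDDD...) are reported as having no usable encryption key; the DSA/ElGamal pair and the sign-and-encrypt RSA key are reported as usable.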
