RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
Ulrich Schneider
lists at ulrichschneider.de
Fri Jun 18 07:12:15 CEST 2004
Thanks, that was very helpful.
Besides ... is there documentation on how to replace the enc. key with another
enc. key of higher key length when you want to have the same signature key?
Atom 'Smasher' wrote:
> On Wed, 16 Jun 2004, Ulrich Schneider wrote:
>
>
>>> Why are DSA-Keys always generated with only 1024 bits even when I tell
>>> gpg that the key has to be generated with 2048 bits?
>
> =================
>
> DSA is the "digital signature algorithm", DSS is the "digital signature
> standard" (both specified in FIPS-186). the ~algorithm~ can be used with
> any size hash or key, but the ~standard~ uses a 160 bit hash (SHA1) with
> a maximum key size of 1024. it's generally believed that a key larger
> than 1024 bits used to sign a 160 bit hash would be a waste of bits.
>
> there are some arguments against this logic, but it's already past my
> bedtime ;)
>
>
>>> And why are there different keypairs for signing and encryption? And
>>> why are these keypairs of different kinds (DSA and ElGamal)? Why
>>> isn't there one keypair used for signing and encryption?
>
> =================
>
> as i understand it, this is largely a historical artifact. RSA performs
> reasonably well for both signing and encryption, but until recently
> (2000) it was not in the public domain. public domain algorithms (such
> as DSA and ElGamal) allowed public key crypto to be used in "free"
> applications before the RSA patent expired, and they're still with us
> today.
>
> the ~other~ algorithms mostly tend to be better suited either for
> encryption or signing.
>
> you ~can~ use a single RSA key for both encryption and signing, but
> there are advantages to having a "primary" key for signing, and one or
> more "subkeys" for encryption and/or signing.
>
>
>>> gnupg says the following:
>>> Please select what kind of key you want:
>>> (1) DSA and ElGamal (default)
>>> (2) DSA (sign only)
>>> (4) RSA (sign only)
>>>
>>> So as you can see here, even RSA is used for signing only. Why is there
>>> no possibility to use RSA keypairs for encryption?
>
> =================
>
> if you use this:
> $ gpg --expert --gen-key
>
> you will have an option to create an RSA key that can be used for both
> signing and encryption:
> (6) RSA (sign and encrypt)
>
> you can use that all by itself as a key, but i'd recommend against it.
> that's what i use as my ~primary~ key: i have a DSA signing subkey and
> an ElGamal encryption subkey.
>
>
>
>>> The GNU Privacy Handbook says:
>>> "GnuPG is able to create several different types of keypairs, but a
>>> primary key must be capable of making signatures. There are therefore
>>> only three options. Option 1 actually creates two keypairs. A DSA
>>> keypair is the primary keypair usable only for making signatures. An
>>> ElGamal subordinate keypair is also created for encryption. Option 2 is
>>> similar but creates only a DSA keypair. Option 4[1] creates a single
>>> ElGamal keypair usable for both making signatures and performing
>>> encryption. In all cases it is possible to later add additional subkeys
>>> for encryption and signing. For most users the default option is fine.
>
> ================
>
> out of date documentation.... ElGamal is no longer used for signatures.
>
>
>>> You must also choose a key size. The size of a DSA key must be between
>>> 512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
>>> however, requires that keys be no smaller than 768 bits. Therefore, if
>>> Option 1 was chosen and you choose a keysize larger than 1024 bits, the
>>> ElGamal key will have the requested size, but the DSA key will be 1024
>>> bits."
>
> ===================
>
> 768 is the smallest DSA key you can create now, but there's hardly any
> reason to use anything less than 1024.
>
>
>>> If there are always two public keys -one for signing and one for
>>> encryption- the question arises: for which key is the fingerprint
>>> computed? I guess for the main-key.
>
> ====================
>
> you don't ~need~ to have a separate signing and encryption key, but it's
> a good idea. you can have an RSA key that does both encryption and
> signing (with no subkeys) or you can have a sign-only key (with no
> encryption subkeys).
>
> and yes, the "key fingerprint" is that of the primary key.
>
>
>>> But what's going on with the subkey? Is there no need to check the
>>> fingerprint of the subkey? Or is it checked indirectly with the
>>> fingerprint of the main key? How does this work?
>
> =====================
>
> a subkey is "bound", or associated with, a particular primary key. if i
> tell you my "key fingerprint" is "1234", then my subkey(s) must be
> signed by the primary key (1234).
>
> that implies (but doesn't actually prove) ownership of the subkey(s).
>
> if you feel the need, you can check subkey fingerprints using this:
> $ gpg --fingerprint --fingerprint {key id}
>
>
>
>>> I also have another question. Is there a possibility to show a key in
>>> human readable form. Best output I produced is a gpg --export --armor
>>> <EMAILADRESS>. A key consists of an exponent and a modulus. Is there a
>>> way to show these values?
>
> =======================
>
> pgpdump: PGP packet visualizer
>
> pgpdump will let you look into the heart and soul of OpenPGP data,
> including keys. if you want to see the exponent, modulus and other fun
> math stuff do something like this:
> $ gpg --export {key id} | pgpdump -i
>
> and pipe that into a pager (more, less, most).
>
>
>>> Another problem:
>>> I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file
>>> for this key, gnupg tells me:
>>> gpg: 0x149881408FAB041C: skipped: unusable public key
>>> gpg: <FILE>: encryption failed: unusable public key
>>>
>>> I also have another 2048 bit RSA key in my keyring. Encryption for this
>>> key works. How could that be? Sometimes it works, sometimes not? It
>>> probably has something to do with the program by which the key was generated.
>>> Here are the comments taken from the public key block.
>
> =====================
>
> in order for an RSA key to work for both signing and encryption, you
> have to create it as a "sign and encrypt" RSA key, as described above.
>
> using pgpdump, a sign-only RSA key will say:
> Flag - This key may be used to certify other keys
> Flag - This key may be used to sign data
> a sign and encrypt RSA key will _also_ say:
> Flag - This key may be used to encrypt communications
> Flag - This key may be used to encrypt storage
>
>
>>> Probably I asked you too many questions, but I'm really interested in
>>> understanding, how the whole thing works.
>
> ====================
>
> i know how it is... i'm new to pgp/gpg myself. i've only been using it
> for less than a year, but i started out by reading EVERYTHING i could
> find on the topic, twice (and asking some pretty stupid questions).
>
> after playing and experimenting with it, i've become very comfortable
> with its inner workings.
>
> this is a good list for asking questions...
>
>
>
> ...atom
>
> _________________________________________
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> -------------------------------------------------
>
> "Cryptography is like literacy in the Dark Ages. Infinitely
> potent, for good and ill... yet basically an intellectual
> construct, an idea, which by its nature will resist efforts
> to restrict it to bureaucrats and others who deem only
> themselves worthy of such Privilege."
> -- Vin McLellan,
> A Thinking Man's Creed for Crypto
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
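The four "Flag - ..." lines that pgpdump prints in the quoted reply come from the key-flags subpacket (type 27, RFC 4880 section 5.2.3.21) of the key's self-signature. The following is an added example, not part of the original thread: the function names are hypothetical and the subpacket bytes are constructed samples, showing how a sign-only key and a sign-and-encrypt key differ at the byte level.

```python
# Key-flag bits from RFC 4880, section 5.2.3.21 (signature subpacket type 27).
KEY_FLAGS = {
    0x01: "certify other keys",
    0x02: "sign data",
    0x04: "encrypt communications",
    0x08: "encrypt storage",
}
KEY_FLAGS_SUBPACKET = 27


def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                      # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                    # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:                                # five-octet length
            length = int.from_bytes(area[pos + 1:pos + 5], "big")
            pos += 5
        # The length counts the type octet, so it can never be zero.
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        type_octet = area[pos]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[pos + 1:pos + length]
        pos += length


def key_capabilities(area: bytes):
    """Return the set of flag names, or None if there is no key-flags subpacket."""
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == KEY_FLAGS_SUBPACKET:
            bits = body[0] if body else 0
            return {name for bit, name in KEY_FLAGS.items() if bits & bit}
    return None


def can_encrypt(area: bytes):
    """True/False from the flags; None when no flags are present to decide it."""
    caps = key_capabilities(area)
    if caps is None:
        return None
    return bool(caps & {"encrypt communications", "encrypt storage"})


# Constructed samples: a creation-time subpacket followed by key flags.
SIGN_ONLY = bytes.fromhex("050240d27a8f" "021b03")         # flags 0x03
SIGN_AND_ENCRYPT = bytes.fromhex("050240d27a8f" "021b0f")  # flags 0x0f
```
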