Detection of sign-only vs. sign-and-encrypt keys

Atom 'Smasher' atom at suspicious.org
Wed Jun 23 09:54:03 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:

> I'm not telling that gpg can not handle RSA keys I'm telling that using
> a RSA encrypting keys is deprecated.
======================

not according to my understanding of the latest OpenPGP draft -
  http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-10.txt

9.1. Public Key Algorithms

         ID           Algorithm
         --           ---------
         1          - RSA (Encrypt or Sign)
         2          - RSA Encrypt-Only
         3          - RSA Sign-Only
 	<<snip>>

     Implementations MUST implement DSA for signatures, and Elgamal for
     encryption. Implementations SHOULD implement RSA keys.
     Implementations MAY implement any other algorithm.


section 12.4 mentions deprecated _forms_ of RSA keys, but that doesn't 
mean that RSA keys will become deprecated anytime soon. that section is 
actually the reference to what i previously mentioned:

>> actually... AFAIK, the RSA keys are technically the same for all 3 of 
>> the different uses; only the flags on the key specify how it is to be used.

     There are algorithm types for RSA-signature-only, and
     RSA-encrypt-only keys. These types are deprecated. The "key flags"
     subpacket in a signature is a much better way to express the same
     idea, and generalizes it to all algorithms. An implementation SHOULD
     NOT create such a key, but MAY interpret it.


  	...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"If the world were merely seductive, that would be easy.
 	 If it were merely challenging, that would be no problem.
 	 But I arise in the morning torn between a desire to
 	 improve the world, and a desire to enjoy the world. This
 	 makes it hard to plan the day."
 		-- E.B. White
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDZNyEACgkQnCgLvz19QeNDJwCfSIamymIC0+14jW8/I79TQx9i
k3EAn2wHe1oIf4Jq35cMU7j2pZ10CGyg
=l4sL
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list