Detection of sign-only vs. sign-and-encrypt keys

Atom 'Smasher' atom at
Wed Jun 23 09:54:03 CEST 2004


On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:

> I'm not saying that gpg cannot handle RSA keys; I'm saying that using
> RSA encryption keys is deprecated.

not according to my understanding of the latest OpenPGP draft -

9.1. Public Key Algorithms

         ID           Algorithm
         --           ---------
         1          - RSA (Encrypt or Sign)
         2          - RSA Encrypt-Only
         3          - RSA Sign-Only

     Implementations MUST implement DSA for signatures, and Elgamal for
     encryption. Implementations SHOULD implement RSA keys.
     Implementations MAY implement any other algorithm.

section 12.4 mentions deprecated _forms_ of RSA keys, but that doesn't 
mean that RSA keys will become deprecated anytime soon. that section is 
actually the reference to what i previously mentioned:

>> actually... AFAIK, the RSA keys are technically the same for all 3 of 
>> the different uses; only the flags on the key specify how it is to be used.

     There are algorithm types for RSA-signature-only, and
     RSA-encrypt-only keys. These types are deprecated. The "key flags"
     subpacket in a signature is a much better way to express the same
     idea, and generalizes it to all algorithms. An implementation SHOULD
     NOT create such a key, but MAY interpret it.


  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"If the world were merely seductive, that would be easy.
 	 If it were merely challenging, that would be no problem.
 	 But I arise in the morning torn between a desire to
 	 improve the world, and a desire to enjoy the world. This
 	 makes it hard to plan the day."
 		-- E.B. White
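
An added example, not part of the original post or of GnuPG: a small parser that combines the public-key algorithm ID with the "key flags" signature subpacket quoted above to decide whether a key is sign-only or sign-and-encrypt. The subpacket type (27), flag bits and algorithm IDs 16 and 17 are taken from RFC 4880 rather than from the post; the sample bytes are constructed, and the fallback when no flags are present is an assumption of this example.

```python
# Added example (not from the original post). Sample bytes are constructed.
SIGN_ALGOS = {1, 3, 17}   # RSA, RSA Sign-Only, DSA (17 per RFC 4880)
ENC_ALGOS = {1, 2, 16}    # RSA, RSA Encrypt-Only, Elgamal (16 per RFC 4880)
KEY_FLAGS = 27            # signature subpacket type for "key flags"
CERTIFY, SIGN, ENC_COMMS, ENC_STORAGE = 0x01, 0x02, 0x04, 0x08

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 1 >= n:
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > n:
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def key_usage(algo_id: int, hashed_area: bytes) -> set:
    """Usage the algorithm type permits, narrowed by the key flags if present."""
    can_sign, can_enc = algo_id in SIGN_ALGOS, algo_id in ENC_ALGOS
    flags = None
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS and body:
            flags = body[0]
    if flags is None:   # assumption: no flags means "whatever the type allows"
        flags = CERTIFY | SIGN | ENC_COMMS | ENC_STORAGE
    usage = set()
    if can_sign and flags & CERTIFY:
        usage.add("certify")
    if can_sign and flags & SIGN:
        usage.add("sign")
    if can_enc and flags & (ENC_COMMS | ENC_STORAGE):
        usage.add("encrypt")
    return usage

# Constructed hashed area: creation-time subpacket (type 2), then key flags.
CREATED = bytes([5, 2, 0x40, 0xD9, 0x3B, 0x1B])
SIGN_ONLY_AREA = CREATED + bytes([2, KEY_FLAGS, CERTIFY | SIGN])
ENC_ONLY_AREA = CREATED + bytes([2, KEY_FLAGS, ENC_COMMS | ENC_STORAGE])

if __name__ == "__main__":
    print(key_usage(1, SIGN_ONLY_AREA), key_usage(1, ENC_ONLY_AREA))
```

The same algorithm ID 1 key reports different usage depending only on the flags, while IDs 2 and 3 are limited by their type even when no flags are present.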

