Detection of sign-only vs. sign-and-encrypt keys
atom at suspicious.org
Wed Jun 23 09:54:03 CEST 2004
On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:
> I'm not telling that gpg can not handle RSA keys I'm telling that using
> a RSA encrypting keys is deprecated.
not according to my understanding of the latest OpenPGP draft -

    9.1. Public Key Algorithms

        1 - RSA (Encrypt or Sign)
        2 - RSA Encrypt-Only
        3 - RSA Sign-Only

    Implementations MUST implement DSA for signatures, and Elgamal for
    encryption. Implementations SHOULD implement RSA keys.
    Implementations MAY implement any other algorithm.

section 12.4 mentions deprecated _forms_ of RSA keys, but that doesn't
mean that RSA keys will become deprecated anytime soon. that section is
actually the reference to what i previously mentioned:
>> actually... AFAIK, the RSA keys are technically the same for all 3 of
>> the different uses; only the flags on the key specify how it is to be used.

    There are algorithm types for RSA-signature-only, and
    RSA-encrypt-only keys. These types are deprecated. The "key flags"
    subpacket in a signature is a much better way to express the same
    idea, and generalizes it to all algorithms. An implementation SHOULD
    NOT create such a key, but MAY interpret it.

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"If the world were merely seductive, that would be easy.
If it were merely challenging, that would be no problem.
But I arise in the morning torn between a desire to
improve the world, and a desire to enjoy the world. This
makes it hard to plan the day."
-- E.B. White
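
An added example, not part of the original message and not GnuPG's own code: it shows how the algorithm ID from section 9.1 and the "key flags" subpacket combine to tell a sign-only key from a sign-and-encrypt one. It assumes the caller has already extracted the algorithm octet from the public-key packet and the hashed subpacket area from the key's self-signature; the function names, the capability labels and the fall-back to the algorithm ID when no key flags are present are choices made for this example, and the numeric constants are those of RFC 4880.

```python
# Added example (not GnuPG code). Constants are from RFC 4880.
ALGO_CAPS = {                              # what the algorithm ID itself permits
    1: {"certify", "sign", "encrypt"},     # RSA (Encrypt or Sign)
    2: {"encrypt"},                        # RSA Encrypt-Only (deprecated type)
    3: {"certify", "sign"},                # RSA Sign-Only (deprecated type)
    16: {"encrypt"},                       # Elgamal (Encrypt-Only)
    17: {"certify", "sign"},               # DSA
}
KEY_FLAGS = 27                             # "key flags" signature subpacket type
FLAG_BITS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt", 0x08: "encrypt"}


def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                    # one-octet length
            length, i = first, i + 1
        elif first < 255:                  # two-octet length
            second = int.from_bytes(area[i + 1:i + 2], "big")
            length, i = ((first - 192) << 8) + second + 192, i + 2
        else:                              # five-octet length (0xFF + 4 octets)
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        # The length counts the type octet, so it can never be zero.
        if length == 0 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # bit 7 is the critical bit
        i += length


def key_usage(algo: int, hashed_area: bytes) -> set:
    """Usage permitted by the algorithm ID, narrowed by key flags if present.

    Assumption of this example: with no key-flags subpacket, the algorithm
    ID alone decides; an unknown algorithm ID yields no capabilities.
    """
    caps = set(ALGO_CAPS.get(algo, ()))
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS and body:
            flagged = {name for bit, name in FLAG_BITS.items() if body[0] & bit}
            caps &= flagged
    return caps


# Constructed hashed areas: [length, type 27, flags octet]
print(key_usage(1, bytes([2, 27, 0x03])))  # RSA key flagged certify+sign
print(key_usage(1, bytes([2, 27, 0x0C])))  # RSA key flagged encrypt only
```

An empty result means the algorithm ID and the key flags contradict each other (for example algorithm 2 carrying a sign flag), which is worth flagging rather than silently picking one.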