Detection of sign-only vs. sign-and-encrypt keys
Atom 'Smasher'
atom at suspicious.org
Wed Jun 23 09:54:03 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:
> I'm not telling that gpg can not handle RSA keys I'm telling that using
> a RSA encrypting keys is deprecated.
======================
not according to my understanding of the latest OpenPGP draft -
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-10.txt
   9.1. Public Key Algorithms

      ID           Algorithm
      --           ---------
      1          - RSA (Encrypt or Sign)
      2          - RSA Encrypt-Only
      3          - RSA Sign-Only
   <<snip>>
      Implementations MUST implement DSA for signatures, and Elgamal for
      encryption. Implementations SHOULD implement RSA keys.
      Implementations MAY implement any other algorithm.

section 12.4 mentions deprecated _forms_ of RSA keys, but that doesn't
mean that RSA keys will become deprecated anytime soon. that section is
actually the reference to what i previously mentioned:
>> actually... AFAIK, the RSA keys are technically the same for all 3 of
>> the different uses; only the flags on the key specify how it is to be used.

      There are algorithm types for RSA-signature-only, and
      RSA-encrypt-only keys. These types are deprecated. The "key flags"
      subpacket in a signature is a much better way to express the same
      idea, and generalizes it to all algorithms. An implementation SHOULD
      NOT create such a key, but MAY interpret it.

...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"If the world were merely seductive, that would be easy.
If it were merely challenging, that would be no problem.
But I arise in the morning torn between a desire to
improve the world, and a desire to enjoy the world. This
makes it hard to plan the day."
-- E.B. White
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkDZNyEACgkQnCgLvz19QeNDJwCfSIamymIC0+14jW8/I79TQx9i
k3EAn2wHe1oIf4Jq35cMU7j2pZ10CGyg
=l4sL
-----END PGP SIGNATURE-----
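
The following is an added example, not part of the original post or of GnuPG's code: it shows how a reader of a key could combine the public-key algorithm ID with the "key flags" subpacket from the hashed area of a self-signature to decide whether a key is sign-only, encrypt-only, or both. The names `ALGO_CAPS`, `iter_subpackets` and `key_usage` are hypothetical, and the sample bytes are constructed.

```python
# Added example. Algorithm IDs 1-3 are the ones listed in the post; 16, 17,
# subpacket type 27 and the flag bits are taken from RFC 4880 (assumption:
# unchanged from the draft the post cites).
ALGO_CAPS = {
    1: {"sign", "encrypt"},   # RSA (Encrypt or Sign)
    2: {"encrypt"},           # RSA Encrypt-Only (deprecated type)
    3: {"sign"},              # RSA Sign-Only (deprecated type)
    16: {"encrypt"},          # Elgamal (Encrypt-Only)
    17: {"sign"},             # DSA
}
KEY_FLAGS = 27                # "key flags" signature subpacket type
FLAG_SIGN = 0x02              # may sign data
FLAG_ENCRYPT = 0x04 | 0x08    # may encrypt communications / storage


def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length


def key_usage(algo_id: int, hashed_area: bytes) -> set:
    """Usages permitted by both the algorithm ID and the key flags, if any."""
    allowed = ALGO_CAPS[algo_id]             # KeyError for unlisted algorithms
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS and body:
            flagged = set()
            if body[0] & FLAG_SIGN:
                flagged.add("sign")
            if body[0] & FLAG_ENCRYPT:
                flagged.add("encrypt")
            return allowed & flagged
    return set(allowed)                      # no key flags: algorithm decides


# Constructed sample: creation-time subpacket (type 2), then key flags 0x0C.
SAMPLE_AREA = bytes([5, 2, 0x40, 0xD9, 0x37, 0x21, 2, 27, 0x0C])
print(key_usage(1, SAMPLE_AREA))
```

An algorithm-1 RSA key whose flags allow only encryption comes out as encrypt-only, which is the case the deprecated algorithm IDs 2 and 3 were originally meant to express.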