Looking for Elgamal sign+encrypt key information

Werner Koch wk at gnupg.org
Sun Mar 14 19:19:01 CET 2004

On Sun, 14 Mar 2004 09:23:40 -0700, Kurt Fitzner said:

> the original announcement, which says it was disabled because of an
> implementation flaw.  However, one small item in this mailing list's
> archives suggests that the implementation flaw was actually corrected in
> 1.2.4.  

The ElGamal signature scheme is very very hard to get right and we
have seen many attacks on it over the last years.  I orginally
implemented it in GnuPG because at that time the patent status of DSA
was not clear.

Although the current problem was "only" an implementation bug, it
proved again how hard it is to get this signature scheme right.
Instead of fixing it we removed the ability to create Elgamal
signature in 1.2.x and entirely dropped support in 1.3.x.

For background info see http://www.di.ens.fr/~pnguyen/pub.html#Ng04

> When I am using Windows platforms, I tend to use PGP 6.5.8ckt, which
> does support the use of Elgamal sign+encrypt keys.  So if there are

It has been said a thousand times in the last years: DO NOT USE
ELAGAMAL SIGNATURES - they are dangerous, slow and obsolete. There is
a far better alternative: DSA - as Phil Zimmermann puts it: "DSA is
Elgamal debugged".


More information about the Gnupg-users mailing list