Looking for Elgamal sign+encrypt key information

David Shaw dshaw at jabberwocky.com
Mon Mar 15 23:56:51 CET 2004

On Mon, Mar 15, 2004 at 05:28:19PM -0500, Atom 'Smasher' wrote:

> > >Note that the upcoming revision to the OpenPGP standard does
> > >not include Elgamal signatures.
> ==========================
> looks like the latest draft doesn't really encourage RSA....
> http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-09.txt
>     Implementations MUST implement DSA for signatures, and ElGamal for
>     encryption. Implementations SHOULD implement RSA keys.
>     Implementations MAY implement any other algorithm.
> so, if one were to make an RSA-only key, that key would not be strictly
> openPGP compliant? one would have to add an ElGamal subkey, for full
> compliance?

No.  RSA is compliant, but not required.  In other words, go right
ahead and use it, but not everyone is required to talk to you.

In reality, it is very hard to find an OpenPGP implementation that
doesn't do RSA.  GnuPG 1.4 can be specially built without RSA, but
unless you are building an embdedded system, there is no point.  I
wouldn't worry about it.  If you like RSA, use RSA.

> in that case, what would be a good way (or ways) to force the sender to
> use the RSA encryption key, and only use the ElGamal encryption key if RSA
> isn't supported on their end?

This isn't specified in the standard, so it depends on what the
various implementations do.  GnuPG will try and use the most recent
subkey, so if you make the RSA subkey last, it will be used.


More information about the Gnupg-users mailing list