Questions from a newbie

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 5 12:22:12 CET 2006


Hardeep Singh wrote:
> 1. While creating the key, I noticed RSA is sign only. Does it mean
> an RSA key cannot be used to encrypt?

No.  I use a set of RSA keys to encrypt and sign data.  All that it
means is you need to create your set of encryption keys in a separate
step from creating your signing keys.

When creating DSA/Elg keys, both the signing and encryption keys are
created at the same time.  RSA keys are created differently.  Don't
really know why it's that way, but that's the way it is.

> The algorithm used instead by GnuPG is "DSA and Elgamal" which I
> haven't heard of and don't know if they are equally secure.

The term 'Elgamal' has an unfortunate multitude of meanings.  It refers
to the Egyptian-American researcher Taher el Gamal, whose name has been
Americanized as Elgamal.  He did a lot of fundamental research into an
entire family of cryptographic algorithms, which have since been called
the Elgamal family.

Elgamal is also used to describe a particular algorithm within the
Elgamal family.

The Digital Signature Algorithm, DSA, is part of the Elgamal family.  So
when you see "DSA and Elgamal", please don't think of them as two
different algorithms; think of them as two very closely related algorithms.

Anyway.  You were wondering if the Elgamals are equally secure to RSA.
The short answer is the Elgamals are believed to be comparable to RSA.
Or maybe we should say RSA is believed comparable to the Elgamals.
Either way, they can be used with confidence.

> Are these compatible with PGP?

PGP 5.0 or better, yes.

> 2. What happens if I lose the pendrive? They would not know the 
> password but they would have the secret key.

No, they would not.

The secret key is stored in an encrypted format.  The passphrase is
needed to decrypt the secret key so that GnuPG can then use it.

The cipher used to encrypt the secret key is of comparable strength to
the cipher used to encrypt a PGP message.  This means that as long as
your passphrase is strong, you could publish your secret key in the _New
York Times_ and still be confident that nobody would be able to read
your email.

> 3. Is there a wipe function or a wipe software also available from
> Gnu similar to the one offered by PGP? I need one that can be run
> from a pendrive without installation.

For this one, we need to know what operating system you're using.
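
The passphrase protection described in the answer to question 2 rests on a string-to-key (S2K) step that turns the passphrase into the cipher key wrapping the secret key. The following is an added example, not part of the original post and not GnuPG's own code: it implements the iterated and salted S2K defined in RFC 4880, section 3.7.1.3. The function names, the sample salt and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib


def decode_count(c: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets of key material (RFC 4880, section 3.7.1.3)."""
    if len(salt) != 8:
        raise ValueError("the S2K salt is exactly 8 octets")
    if not 0 <= coded_count <= 255:
        raise ValueError("the coded count is a single octet")
    block = salt + passphrase
    # salt+passphrase is always hashed in full at least once, even when
    # the decoded count is smaller than its length.
    count = max(decode_count(coded_count), len(block))
    full, rest = divmod(count, len(block))
    key, preload = b"", 0
    while len(key) < key_len:
        # When one digest is too short for the key, further hash contexts
        # are used; context n is preloaded with n zero octets.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        for _ in range(full):
            h.update(block)
        h.update(block[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")     # constructed sample salt
    passphrase = b"correct horse battery staple"  # constructed sample passphrase
    for coded in (0, 96, 255):
        print(coded, "->", decode_count(coded), "octets hashed")
    # 16 octets is the key size of a 128-bit cipher.
    print(s2k_iterated_salted(passphrase, salt, 96, 16).hex())
```

The salt and the coded count are stored unencrypted next to the protected key, so the passphrase is the only secret input to this derivation.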




