GnuPG ElGamal Signing Key

David Shaw dshaw at
Wed Sep 17 06:15:21 CEST 2008

On Sep 16, 2008, at 11:03 PM, Kevin Hilton wrote:

> Although you would have to go to lengths to create an ElGamal signing
> key (rather than a DSA or RSA key), is use of an ElGamal signing key
> still considered to be bad behaivor?  The last article I read from
> 2003 suggested ElGamal signing keys (strictly different than ElGamal
> encryption keys) had been compromised:

There was a bug in the Elgamal signing key code in GPG back then.   
There is no longer a bug... and there is also no longer Elgamal  
signing key code.  Elgamal signing keys were dropped from the OpenPGP  
standard in RFC-4880, and so will not be supported in GPG.

> As a side note, are there any other possible algorithms that may be
> used to generate a signing key other than DSA/RSA/ElGamal.

Yes, but not in OpenPGP.


More information about the Gnupg-users mailing list